Snort mailing list archives
Re: [Snort-sigs] Bad escape sequence?
From: sekure <sekure () gmail com>
Date: Fri, 30 Sep 2005 10:09:52 -0400
That was what I tried after i fired off the email and it worked. Thanks! On 9/30/05, Joel Esler <joel.esler () sourcefire com> wrote:
you may not need to escape it anymore. remove the "\" J On Sep 30, 2005, at 9:31 AM, sekure wrote:I have a rule in my local.rules that i picked up somewhere on the mailing lists: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IE suspicious access to WSH (Windows Script Host)"; flow: from_server,established; content:"object"; nocase; content:"id"; nocase; content:"wsh"; nocase; content:"classid"; nocase; content:"clsid\:"; nocase; content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; nocase; content:"\/"; nocase; content:"object"; nocase; reference: url, http.www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; classtype:misc-attack; sid:1000042; rev:1;) I just upgraded from 2.4.0 to 2.4.2 and upon launching snort i get: "bad escape sequence starting with "\/". Fatal Error, Quitting.." This used to work with 2.4.0 and before. What changed? Thanks, ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bad escape sequence? sekure (Sep 30)
- Re: [Snort-sigs] Bad escape sequence? dajackman (Sep 30)
- Message not available
- Re: [Snort-sigs] Bad escape sequence? sekure (Sep 30)
- Re: Re: [Snort-sigs] Bad escape sequence? Ali Eghtessadi (Sep 30)
- Re: [Snort-sigs] Bad escape sequence? sekure (Sep 30)