Snort mailing list archives
Re: Re: [Snort-sigs] Bad escape sequence?
From: "Ali Eghtessadi" <ali () babcockbrown com>
Date: Fri, 30 Sep 2005 08:16:42 -0700
Speedy gonzales CIO sekure wrote:
That was what I tried after i fired off the email and it worked. Thanks! On 9/30/05, Joel Esler <joel.esler () sourcefire com> wrote:you may not need to escape it anymore. remove the "\" J On Sep 30, 2005, at 9:31 AM, sekure wrote:I have a rule in my local.rules that i picked up somewhere on the mailing lists: alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IE suspicious access to WSH (Windows Script Host)"; flow: from_server,established; content:"object"; nocase; content:"id"; nocase; content:"wsh"; nocase; content:"classid"; nocase; content:"clsid\:"; nocase; content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; nocase; content:"\/"; nocase; content:"object"; nocase; reference: url, http.www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm; classtype:misc-attack; sid:1000042; rev:1;) I just upgraded from 2.4.0 to 2.4.2 and upon launching snort i get: "bad escape sequence starting with "\/". Fatal Error, Quitting.." This used to work with 2.4.0 and before. What changed? Thanks, ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
-- Ali Eghtessadi Chief Information Officer Babcock & Brown Phone : 415-267-1626 Email : ali () babcockbrown comThis email message may contain information that is confidential and proprietary to Babcock & Brown or a third party. If you are not the intended recipient, please contact the sender and destroy the original and any copies of the original message. Babcock & Brown takes measures to protect the content of its communications. However, Babcock & Brown cannot guarantee that email messages will not be intercepted by third parties or that email messages will be free of errors or viruses.
If you do not wish to receive any further e-mail from Babcock & Brown, please send an email to opt-out () babcockbrown com.
Current thread:
- Bad escape sequence? sekure (Sep 30)
- Re: [Snort-sigs] Bad escape sequence? dajackman (Sep 30)
- Message not available
- Re: [Snort-sigs] Bad escape sequence? sekure (Sep 30)
- Re: Re: [Snort-sigs] Bad escape sequence? Ali Eghtessadi (Sep 30)
- Re: [Snort-sigs] Bad escape sequence? sekure (Sep 30)