Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] Errors with the Snort manual

From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Thu, 18 Feb 2010 14:43:21 -0600
Joel, can you also add these, as they were discovered in the Snort 
2.8.5.1 manual:

    Escaping colon no longer necessary.

    Disparity in spacing between the keyword and the argument, for 
example, page #126 example 3.5.7 or page #127 example 3.5.10 which 
includes both a space and a no-space after the keyword.  Actually, it 
looks like a good portion of the ABCDEF style matches are like this.  
The usage syntax clearly shows a space.  So which is the convention?  I 
know VRT says "no space" but the manual is all over the map with it's 
examples and usage syntax.

    Page #120, 'kickass-porn' is still present, thought this was removed?

    Page #120, example in section 3.4.7 has the semi-colon outside of 
the close parenthesis, this rule breaks Snort.

    Page #117, hex content match, that's some insane spacing/format there.

    Page #143, RPC example, has an extra semi-colon outside the close 
parenthesis.

There may be more, I really hope this helps.  Thanks!

PS - VRT did you get the ET goodness I had sent to you yet?  Maybe Matt 
Olney can chime in?

-evilghost



Joel Esler wrote:

Mike,

That's a good point.  (The third example.)

I'll bring that up.



------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: