Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Disablesid not working

From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 14 Oct 2010 14:05:57 -0400
I'll have to look, but I bet they those are flowbits:set rules that are dependencies of other ruled, and are thusly 
turned back on... Might be a use case for modifysid and adding a flowbits:noalert etc...

Sent from the iRoad

On Oct 14, 2010, at 13:19, Mike Kun <mkun () akamai com> wrote:


I'm having an issues where some of the rules in my disablesid file are
not working.
It's not that the contents of the file aren't being read, only that some
signatures continue to fire.

Fir example, I have a list of sids:
1:408,1:384,1:449,1:402,1:483,1:485,1:486,1:401,1:366,1:368,1:384,1:385,1:466

but 1-466 will fire.

I have reran pulledpork and then stopped and restarted barnyard2 and snort.


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: