Snort mailing list archives
Re: F5 BIG-IP
From: Geoffrey Serrao <gserrao () sourcefire com>
Date: Fri, 10 Feb 2017 17:56:28 -0500
It means that instead of rule options being evaluated separately in a rule tree (as is the case with text rules), the fast pattern candidate calls a complete detection function already compiled in C. The source code for shared objects is available when you download the ruleset. For this particular sid the file is src/server-other_f5-bigip-memory-disclosure.c

On Fri, Feb 10, 2017 at 5:50 PM, Joshua Ochsankehl <joshua.ochsankehl () gmail com> wrote:

> Does that mean there is a plugin or process outside of the snort rule inspecting the traffic?
>
> On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort () outlook com> wrote:
>
>> This is a gid:3 signature; a shared object rule. The detection part of a is a compiled object. What you see is the signature stub.
>>
>> YM
>>
>> ------------------------------
>> *From:* Joshua Ochsankehl <joshua.ochsankehl () gmail com>
>> *Sent:* Saturday, February 11, 2017 1:31:26 AM
>> *To:* snort-sigs () lists sourceforge net
>> *Subject:* [Snort-sigs] F5 BIG-IP
>>
>> Snort talos rules 41547-8 don't contain any content and only have commands within metadata. What is it actually doing?
>>
>> V/R,
>> Joshua "Ox" Ochsankehl
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs () lists sourceforge net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>> Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
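An added example, not part of the thread and not Snort or Talos code: a Python audit that separates gid:3 shared object stubs from text rules and reports which detection options each one carries inline. The sample rules are constructed, the function names are hypothetical, and the stub layout (`metadata: engine shared, soid ...`) and one-rule-per-line input are assumptions.

```python
import re

# Constructed sample rules (not from the Talos ruleset): one text rule, one gid:3 stub.
SAMPLE_RULES = '''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed text rule"; flow:to_server,established; content:"/example"; http_uri; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"constructed shared object stub"; sid:1000002; gid:3; rev:1; classtype:attempted-recon; metadata: engine shared, soid 3|1000002;)
# alert tcp any any -> any any (msg:"commented out"; sid:1000003;)
'''

# Options that carry detection logic in a text rule; a stub normally has none.
DETECTION_OPTS = {"content", "pcre", "byte_test", "byte_jump", "uricontent", "isdataat"}

def parse_options(rule):
    """Return the rule's options as a list of (name, value) pairs."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = []
    # A literal ';' inside an option value must be escaped, so split on unescaped ';'.
    for part in re.split(r"(?<!\\);", body):
        part = part.strip()
        if part:
            name, _, value = part.partition(":")
            opts.append((name.strip(), value.strip()))
    return opts

def classify(rule):
    """Summarise one rule: generator id, stub or text rule, inline detection options."""
    opts = parse_options(rule)
    values = {}
    for name, value in opts:
        values.setdefault(name, value)
    gid = int(values.get("gid", "1"))  # a rule without gid belongs to generator 1
    meta = {}
    for item in values.get("metadata", "").split(","):
        key, _, val = item.strip().partition(" ")
        if key:
            meta[key] = val.strip()
    return {
        "sid": int(values["sid"]),
        "gid": gid,
        "kind": "shared object stub" if gid == 3 else "text rule",
        "soid": meta.get("soid"),
        "detection": [n for n, _ in opts if n in DETECTION_OPTS],
    }

def audit(text):
    """Classify every active (non-comment) rule line in a rules file's text."""
    lines = (line.strip() for line in text.splitlines())
    return [classify(line) for line in lines if line and not line.startswith("#")]

if __name__ == "__main__":
    for row in audit(SAMPLE_RULES):
        print(row)
```

A stub reported with an empty `detection` list is expected: its matching logic lives in the compiled shared object, so review the corresponding C source shipped with the ruleset instead of the stub.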