Snort mailing list archives
sd_pattern question
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Thu, 29 Apr 2010 14:15:44 -0400
I have two rules... alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"SSN with dashes sent over email"; gid:138; sid:400000002; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SSN with dashes sent over web ports"; gid:138; sid:400000005; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;) When snort-2.8.6 starts with both those rules I get the following error... snort[5551]: FATAL ERROR: Sensitive Data rule 138:400000005 uses a pattern that duplicates rule 138:400000002. Is this by design? ------------------------------------------------------------------------------ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- sd_pattern question Jason Wallace (Apr 29)