Snort mailing list archives

sd_pattern question


From: Jason Wallace <jason.r.wallace () gmail com>
Date: Thu, 29 Apr 2010 14:15:44 -0400

I have two rules...

alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"SSN with dashes sent over email"; gid:138; sid:400000002; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SSN with dashes sent over web ports"; gid:138; sid:400000005; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;)

When snort-2.8.6 starts with both those rules I get the following error...

snort[5551]: FATAL ERROR: Sensitive Data rule 138:400000005 uses a pattern that duplicates rule 138:400000002.


Is this by design?

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
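
Added example (not part of the original message, and not Snort's own code): a preflight check that scans rule text for sd_pattern rules sharing the same pattern, so the startup failure quoted above can be caught before the sensor is restarted. It assumes one rule per line (or backslash continuations) and that the duplicate check is keyed on the pattern argument alone, which is an inference from the error text; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two rules from the message, one rule per line.
SAMPLE_RULES = '''
alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"SSN with dashes sent over email"; gid:138; sid:400000002; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SSN with dashes sent over web ports"; gid:138; sid:400000005; sd_pattern:1,us_social; classtype:policy-violation; metadata:service smtp; rev:1;)
'''

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')   # msg text etc., blanked before option parsing
OPTION = re.compile(r'\b(gid|sid|sd_pattern)\s*:\s*([^;]+);')

def parse_sd_rules(text):
    """Return (gid, sid, count, pattern) for every rule that carries sd_pattern."""
    text = text.replace("\\\n", " ")         # join backslash-continued rules
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                          # skip blanks and commented-out rules
        opts = dict(OPTION.findall(QUOTED.sub('""', line)))
        if "sd_pattern" not in opts or "sid" not in opts:
            continue
        count, _, pattern = opts["sd_pattern"].partition(",")
        gid = int(opts.get("gid", 1))         # a rule without gid defaults to generator 1
        rules.append((gid, int(opts["sid"]), count.strip(), pattern.strip()))
    return rules

def find_duplicate_patterns(text):
    """Map each pattern used by more than one rule to its sorted (gid, sid) list.

    Assumption: duplicates are keyed on the pattern alone, not on the count.
    """
    by_pattern = defaultdict(list)
    for gid, sid, _count, pattern in parse_sd_rules(text):
        by_pattern[pattern].append((gid, sid))
    return {p: sorted(ids) for p, ids in by_pattern.items() if len(ids) > 1}

if __name__ == "__main__":
    for pattern, ids in find_duplicate_patterns(SAMPLE_RULES).items():
        listed = ", ".join(f"{g}:{s}" for g, s in ids)
        print(f"sd_pattern '{pattern}' is used by more than one rule: {listed}")
```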

