Snort mailing list archives

Re: [Emerging-Sigs] FATALs with snort-2.9.0.3

From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Tue, 21 Dec 2010 11:57:41 -0500

And to be clear, we REALLY appreciate the better error checking. Been asking for it for a while, ever since snort got 
quiet about errors a couple years ago. :)

These rules that are throwing errors still work on pre 2.9.0.3. We'll have these all fixed up for the next ruleset 
release. Which was going to be this afternoon, but likely later this evening. 

Thanks!

Matt

On Dec 21, 2010, at 11:52 AM, evilghost () packetmail net wrote:

* PGP Signed by an unknown key

On 12/21/10 10:46, Joel Esler wrote:

The error checking was improved as a result of the ETPro personnel filing a bug with us when using a "distance" or a 
"within" with no previous relative offset in their ruleset.  We provided this feedback to the ETPro development team 
at that time and corrections were made to the rule in question.


Thanks Joel, I figured it was something like that and thought it abnormal if it
were blogged-only, so I was seeking clarification.  That's why I didn't go into
one of my usual tirades. :)

Joel


-evilghost

* Unknown Key
* 0xEEEB1387(L)
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!



----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months.  Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your 
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

FATALs with snort-2.9.0.3 Lay, James (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
  - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 22)
    - Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
  - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
    - Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)