Snort mailing list archives
Re: Bad range in Snort rules
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 16 Dec 2013 17:00:32 +0000
Lukas, yes, this will be fixed in an upcoming release. -- Joel Esler Intelligence Lead OpenSource Manager Vulnerability Research Team Jabber: jesler () cisco com<mailto:jesler () cisco com> On Dec 16, 2013, at 5:12 AM, Lukas Matt <lukas.matt () sophos com<mailto:lukas.matt () sophos com>> wrote: Hey guys, I ran into following error message "Bad range: 4294967296" That affect rule 28519 and 28514. The problem here is following part: byte_test:4,>,4294967296,18,relative,little; Under 32bit the maximum Int is 2^32-1 but in the rule you forgot to subtract 1. I checked also the documentation and the maximum for your byte_test is 4294967295. Could you double check that? Cheers, Lukas -- Lukas Matt Deep Packet Inspection Researcher, RnD tel: +49-721-25516-322, cell: +49-174-3440-555 Sophos Technology GmbH Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany SOPHOS Security made simple --- Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658 Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Bad range in Snort rules Lukas Matt (Dec 16)
- Re: Bad range in Snort rules Joel Esler (jesler) (Dec 16)