[Oisf-devel] max sid number (not error) print 4294967295

Victor Julien victor at inliniac.net
Wed Mar 13 15:26:30 UTC 2013


On 03/09/2013 10:55 PM, rmkml wrote:
> I'm continuing my testing and I'm curious about this sig:
> 
> alert tcp any any -> any any (msg:"test sid";
> flow:to_server,established; content:"LIST"; classtype:suspicious-login;
> sid:99999999999999999999; rev:1;)
> 
> Suricata fires:
> 
> 03/03/2013-11:55:34.881652  [**] [1:4294967295:1] test sid [**]
> [Classification: An attempted login using a suspicious username was
> detected] [Priority: 2] {TCP} 192.168.1.2:58129 -> 21.7.6.7:21
> 
> Maybe add sid checking?

Opened ticket 779.

Thanks!

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
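
A pre-deployment check for the case reported above, as an added example that is not part of the original thread or of Suricata's code: it flags any rule whose sid does not fit in 32 bits (4294967295 is the largest unsigned 32-bit value). It assumes one rule per line; the function names and the second sample rule are constructed for illustration.

```python
import re

UINT32_MAX = 4294967295  # the sid that appeared in the alert instead of the one written

# Matches the sid keyword in a rule's option list, e.g. "...; sid:123; rev:1;)"
SID_RE = re.compile(r"[;(]\s*sid\s*:\s*([^;]*);")

# Constructed sample: the rule from the report (joined onto one line)
# plus a variant whose sid is in range.
SAMPLE = '''\
# test rules
alert tcp any any -> any any (msg:"test sid"; flow:to_server,established; content:"LIST"; classtype:suspicious-login; sid:99999999999999999999; rev:1;)
alert tcp any any -> any any (msg:"test sid"; flow:to_server,established; content:"LIST"; classtype:suspicious-login; sid:1000001; rev:1;)
'''

def check_sid(rule):
    """Return (sid, problem); problem is None when the sid fits in 32 bits."""
    m = SID_RE.search(rule)
    if m is None:
        return None, "no sid keyword"
    raw = m.group(1).strip()
    if not (raw.isascii() and raw.isdigit()):
        return None, f"sid is not a decimal number: {raw!r}"
    sid = int(raw)  # Python ints do not overflow, so the written value survives
    if sid > UINT32_MAX:
        return sid, f"sid {sid} exceeds {UINT32_MAX} (32-bit maximum)"
    return sid, None

def lint_rules(text):
    """Check every non-comment rule line; return [(line_no, problem), ...]."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out rules
        _, problem = check_sid(line)
        if problem:
            findings.append((no, problem))
    return findings

if __name__ == "__main__":
    for no, problem in lint_rules(SAMPLE):
        print(f"line {no}: {problem}")
```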



