<div dir="ltr">You should report the FPs back to Nick Galbreath via libinjection on github.  Nick has been very responsive to them in the past and I know is looking for more feedback like this.<div><br></div><div style>Cheers!</div>
<div style>-B</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jul 3, 2013 at 12:54 PM, Seth Hall <span dir="ltr"><<a href="mailto:seth@icir.org" target="_blank">seth@icir.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
On Jul 2, 2013, at 2:18 AM, Peter Manev <<a href="mailto:petermanev@gmail.com">petermanev@gmail.com</a>> wrote:<br>
<br>
> Yes it is considered -<br>
> <a href="https://redmine.openinfosecfoundation.org/issues/547" target="_blank">https://redmine.openinfosecfoundation.org/issues/547</a><br>
<br>
<br>
</div>For the record, I just spent a few minutes and integrated this into Bro and ran it on some real world traffic and this isn't good.  There are a lot of false positives.  It's probably another one of those things that tends to work fine if you run it on your own server, but when you're watching general internet traffic it starts showing some flaws.<br>

<br>
  .Seth<br>
<br>
--<br>
Seth Hall<br>
International Computer Science Institute<br>
(Bro) because everyone has a network<br>
<a href="http://www.bro.org/" target="_blank">http://www.bro.org/</a><br>
<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</div></div></blockquote></div><br></div>