[Oisf-devel] a small pb on suricata v0.8.2

Victor Julien victor at inliniac.net
Tue Apr 20 09:06:38 UTC 2010


Thanks Rmkml, I've opened a ticket for this issue:
https://redmine.openinfosecfoundation.org/issues/show/130

Should be fixed soon!

Thanks again,
Victor

rmkml wrote:
> Hi,
> First, big congratulations on the new Suricata 0.8.2 release!
> 
> Second, I have a small problem with a signature/rule:
> - this rule does not detect/work: (WWW uppercase and space)
>  alert tcp any 80 -> any any (msg:"no1"; flow:to_client,established;
> content:"WWW-Authenticate\: "; nocase;
> classtype:web-application-activity; sid:9000000; rev:1;)
> - but a small variant detects/works: (mixed case and space)
>  alert tcp any 80 -> any any (msg:"ok1"; flow:to_client,established;
> content:"Www-Authenticate\: "; nocase;
> classtype:web-application-activity; sid:9000001; rev:1;)
> - another small variant detects/works: (WWW uppercase without space)
>  alert tcp any 80 -> any any (msg:"ok2"; flow:to_client,established;
> content:"WWW-Authenticate\:"; nocase;
> classtype:web-application-activity; sid:9000002; rev:1;)
> 
> Attached is a pcap with good checksums (it's live/real traffic, not fuzzing).
> Tested without any other signatures/rules + output is the fast option +
> pattern-matcher default b2g + host-os-policy default or linux has the
> same problem + libhtp uses default-config, but apache server-config has the same problem.
> Does anyone have an idea?
> Regards
> Rmkml
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
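
A reference check for the report above, added here as an example (not code from Suricata or from either poster): it parses the content/nocase options of the three quoted rules and lists the sids that should alert on a payload. The response bytes are constructed, not taken from the attached pcap, and flow, ports and the other keywords are not modelled.

```python
import re

# The three rules from the report; they differ only in msg, content and sid.
TEMPLATE = ('alert tcp any 80 -> any any (msg:"%s"; flow:to_client,established; '
            'content:"%s"; nocase; classtype:web-application-activity; sid:%d; rev:1;)')
RULES = [TEMPLATE % fields for fields in (
    ("no1", r"WWW-Authenticate\: ", 9000000),
    ("ok1", r"Www-Authenticate\: ", 9000001),
    ("ok2", r"WWW-Authenticate\:", 9000002),
)]

# Constructed server response (assumption: not extracted from the attached pcap).
PAYLOAD = (b"HTTP/1.1 401 Unauthorized\r\n"
           b'WWW-Authenticate: Basic realm="example"\r\n'
           b"Content-Length: 0\r\n\r\n")

def decode_content(value):
    """Turn a content value into raw bytes: backslash escapes and |hex| runs."""
    out, i = bytearray(), 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):   # "\:" means a literal ':'
            out += value[i + 1].encode("latin-1")
            i += 2
        elif ch == "|":                         # "|0d 0a|" means raw bytes
            end = value.index("|", i + 1)
            out += bytes.fromhex(value[i + 1:end])
            i = end + 1
        else:
            out += ch.encode("latin-1")
            i += 1
    return bytes(out)

def parse_rule(rule):
    """Return (sid, pattern bytes, nocase flag) for a single-content rule."""
    sid = int(re.search(r"\bsid:(\d+);", rule).group(1))
    m = re.search(r'content:"((?:\\.|[^"\\])*)";\s*(nocase;)?', rule)
    return sid, decode_content(m.group(1)), m.group(2) is not None

def expected_alerts(rules, payload):
    """Sids whose content should match; nocase folds ASCII case on both sides."""
    hits = []
    for rule in rules:
        sid, pattern, nocase = parse_rule(rule)
        hay, needle = (payload.lower(), pattern.lower()) if nocase else (payload, pattern)
        if needle in hay:
            hits.append(sid)
    return hits

if __name__ == "__main__":
    print(expected_alerts(RULES, PAYLOAD))
```

Comparing this list with the sids in the engine's fast log for the same traffic shows which rule the engine missed.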