[Oisf-devel] a small pb on suricata v0.8.2
Victor Julien
victor at inliniac.net
Wed Apr 28 09:10:34 UTC 2010
This issue has been fixed in the current git master (commit
a152623e11dc15ac0d486e1c17819d2b47294562). Thanks again for the report
Rmkml!
Cheers,
Victor
Victor Julien wrote:
> Thanks Rmkml, I've opened a ticket for this issue:
> https://redmine.openinfosecfoundation.org/issues/show/130
>
> Should be fixed soon!
>
> Thanks again,
> Victor
>
> rmkml wrote:
>> Hi,
>> First, big congratulations on the new Suricata 0.8.2 release!
>>
>> Second, I have a small problem with a signature/rule:
>> -this rule does not detect/work: (WWW uppercase and space)
>> alert tcp any 80 -> any any (msg:"no1"; flow:to_client,established;
>> content:"WWW-Authenticate\: "; nocase;
>> classtype:web-application-activity; sid:9000000; rev:1;)
>> -but a small variant detects/works: (mixed case and space)
>> alert tcp any 80 -> any any (msg:"ok1"; flow:to_client,established;
>> content:"Www-Authenticate\: "; nocase;
>> classtype:web-application-activity; sid:9000001; rev:1;)
>> -another small variant detects/works: (WWW uppercase without space)
>> alert tcp any 80 -> any any (msg:"ok2"; flow:to_client,established;
>> content:"WWW-Authenticate\:"; nocase;
>> classtype:web-application-activity; sid:9000002; rev:1;)
>>
>> Attached pcap with good cksum (it's live/real traffic, not fuzzing).
>> Tested without any other signatures/rules + output is the fast option +
>> pattern-matcher default b2g + host-os-policy default or linux has the
>> same problem + libhtp uses default-config but apache server-config has the same problem.
>> Does anyone have an idea?
>> Regards
>> Rmkml
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------