[Oisf-devel] FN with uri shoutbox.php on all Suricata versions
rmkml at free.fr
rmkml at free.fr
Sat Jul 24 12:36:01 UTC 2010
Anyone can confirm pb please?
Regards
Rmkml
Selon rmkml at free.fr:
> Hi,
> Anyone confirm this FN please?
> Tested on Suricata v0.9.2 v1.0.0 and git yesterday.
> I don't have good internet access so please try this:
> -record all network trafic like tcpdump
> -go to this uri, for exemple: http://www.Google.com/shoutbox.php
> -test this pcap with suricata and this old sid 2142 (detect simply uricontent
> /shoutbox.php)
> -first result: Suricata fire, good!
> -ok add this sig please:
> alert tcp any 80 -> any any (msg:"test1"; flow:to_client,established;
> uricontent:"unknownabc"; nocase; sid:10; rev:1;)
> -With theses two sigs: Suricata not fire, why?
> Im open a new ticket if you confirm pb.
> Regards
> Rmkml
>
>
>
More information about the Oisf-devel
mailing list