[Oisf-devel] FN with uri shoutbox.php on all Suricata versions

Victor Julien victor at inliniac.net
Sun Jul 25 13:10:39 UTC 2010


Can you retry this on the current (1 minute ago) git master?

Cheers,
Victor

rmkml at free.fr wrote:
> Hi,
> Can anyone confirm this FN please?
> Tested on Suricata v0.9.2, v1.0.0 and git from yesterday.
> I don't have good internet access so please try this:
> -record all network traffic, like with tcpdump
> -go to this uri, for example: http://www.Google.com/shoutbox.php
> -test this pcap with suricata and this old sid 2142 (simply detects uricontent
> /shoutbox.php)
> -first result: Suricata fires, good!
> -ok, add this sig please:
>  alert tcp any 80 -> any any (msg:"test1"; flow:to_client,established;
> uricontent:"unknownabc"; nocase; sid:10; rev:1;)
> -With these two sigs: Suricata does not fire, why?
> I'll open a new ticket if you confirm the problem.
> Regards
> Rmkml


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



