[Oisf-devel] max sid number (not error) print 4294967295
rmkml
rmkml at yahoo.fr
Sat Mar 9 21:55:03 UTC 2013
Hi,
I'm continuing my testing and I'm curious about this sig:
alert tcp any any -> any any (msg:"test sid"; flow:to_server,established; content:"LIST"; classtype:suspicious-login; sid:99999999999999999999; rev:1;)
Suricata fires:
03/03/2013-11:55:34.881652 [**] [1:4294967295:1] test sid [**] [Classification: An attempted login using a suspicious username was detected] [Priority: 2] {TCP} 192.168.1.2:58129 -> 21.7.6.7:21
Maybe add sid checking?
Regards
Rmkml
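
The sid check suggested in the message above, sketched as an added example (not Suricata's code and not part of the original post). The helper name `parse_sid` and the status enum are hypothetical, and the 32-bit limit is inferred from the 4294967295 (2^32 - 1) shown in the alert output.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum sid_status { SID_OK, SID_MISSING, SID_NOT_NUMERIC, SID_OUT_OF_RANGE };

/* Find the "sid:" option in a rule and parse it strictly into 32 bits.
 * Simplified: quoted option values that contain " sid:" are not handled. */
enum sid_status parse_sid(const char *rule, uint32_t *sid_out)
{
    const char *p = rule;
    while ((p = strstr(p, "sid:")) != NULL) {
        if (p != rule && strchr(";( ", p[-1]) != NULL)
            break;              /* option boundary, not part of another word */
        p += 4;
    }
    if (p == NULL)
        return SID_MISSING;
    p += 4;
    while (*p == ' ')
        p++;
    /* strtoull would accept a sign or whitespace; require a digit first. */
    if (!isdigit((unsigned char)*p))
        return SID_NOT_NUMERIC;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 10);
    if (*end != ';')
        return SID_NOT_NUMERIC; /* trailing garbage such as "12abc" */
    /* On overflow strtoull saturates and sets ERANGE; a value that fits in
     * 64 bits can still be too large for a 32-bit sid. Reject both. */
    if (errno == ERANGE || v > UINT32_MAX)
        return SID_OUT_OF_RANGE;
    *sid_out = (uint32_t)v;
    return SID_OK;
}

int main(void)
{
    /* The rule from the message above. */
    const char *rule = "alert tcp any any -> any any (msg:\"test sid\"; "
        "flow:to_server,established; content:\"LIST\"; "
        "classtype:suspicious-login; sid:99999999999999999999; rev:1;)";
    uint32_t sid = 0;
    printf("status=%d\n", (int)parse_sid(rule, &sid)); /* 3 = out of range */
    return 0;
}
```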