[Oisf-users] shellshock conundrum

Russell Fulton r.fulton at auckland.ac.nz
Tue Sep 30 00:31:16 UTC 2014


On 30/09/2014, at 1:01 am, Victor Julien <lists at inliniac.net> wrote:
>> BTW I have noticed differences, nothing quite this bad.
>> 
>> Any ideas about where to start looking for problems?
> 
> Can you (privately) share a pcap?
> 
> It may be related to this issue here:
> https://redmine.openinfosecfoundation.org/issues/1275

I have swapped several emails with Victor (thanks!) and after restarting Suricata things started working as expected. I am not sure what is going on but it does not appear to be anything to do with the detection engine in suri.

Now Suricata is detecting many more events than the old Snort. I have gone back to restarting Suricata after each rule update rather than sending a HUP and I will see if this improves things.

Russell

