|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] Livelock with "nocase"
From: Martin Roesch (roesch
hiverworld.com)Date: Mon Mar 06 2000 - 17:02:40 CST
- Next message: Martin Roesch: "Re: [snort] snortdb & snortnet"
- Previous message: Andrew R. Baker: "[snort] Closing -b log file"
- In reply to: Mullen, Patrick: "RE: [snort] Livelock with "nocase""
- Next in thread: Erich Meier: "Re: [snort] Livelock with "nocase""
- Reply: Martin Roesch: "Re: [snort] Livelock with "nocase""
- Reply: Erich Meier: "Re: [snort] Livelock with "nocase""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Well, it could just be a matter of the lack of a closing pipe leaving
the content size counter too large/"unclosed" and the content matcher
walking off the end of the rule. I've got to put in a check to make
sure that those pipes get closed properly in the parser.....
"Mullen, Patrick" wrote:
>
> > One thing: you're missing the closing "pipe" character on the rule
> > you've got there, that could be causing the crash.....
>
> Not that that's the complete solution, of course. ;)
>
> ~Patrick
-- Martin Roesch <roesch
- Next message: Martin Roesch: "Re: [snort] snortdb & snortnet"
- Previous message: Andrew R. Baker: "[snort] Closing -b log file"
- In reply to: Mullen, Patrick: "RE: [snort] Livelock with "nocase""
- Next in thread: Erich Meier: "Re: [snort] Livelock with "nocase""
- Reply: Martin Roesch: "Re: [snort] Livelock with "nocase""
- Reply: Erich Meier: "Re: [snort] Livelock with "nocase""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]