|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Snort-users] Bad escape sequence?
From: sekure (sekure
gmail.com)
Date: Fri Sep 30 2005 - 08:31:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I have a rule in my local.rules that i picked up somewhere on the mailing lists:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IE suspicious
access to WSH (Windows Script Host)"; flow: from_server,established;
content:"object"; nocase; content:"id"; nocase; content:"wsh"; nocase;
content:"classid"; nocase; content:"clsid\:"; nocase;
content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; nocase; content:"\/";
nocase; content:"object"; nocase; reference: url,
http.www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm;
classtype:misc-attack; sid:1000042; rev:1;)
I just upgraded from 2.4.0 to 2.4.2 and upon launching snort i get:
"bad escape sequence starting with "\/". Fatal Error, Quitting.."
This used to work with 2.4.0 and before. What changed?
Thanks,
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]