Re: [Snort-users] disabled flowbits?

From: Russ Combs (rcombssourcefire.com)
Date: Thu Aug 26 2010 - 11:31:55 CDT


On Thu, Aug 19, 2010 at 1:44 PM, waldo kitty <wkitty42windstream.net> wrote:

>
> can someone please explain why these broken SIDs are not also disabled when the
> required flowbit setting SID is disabled??
>

Unfortunately, Snort doesn't automatically disable such rules, but the
warnings are there to help you fix the problem as you see fit. We do have a
bug on this, but it is low priority.

VRT can address the specific cases in question.

Russ

>
> WARNING: SID 13865 depends on flowbit "http.bmp" which is set in INACTIVE SID 16205 (SID 13865 is broken unless you also enable SID 16205).
>
> WARNING: SID 13712 depends on flowbit "tlsv1.client_hello.request" which is set in INACTIVE SID 3059 (SID 13712 is broken unless you also enable SID 3059).
>
> WARNING: SID 13711 depends on flowbit "tlsv1.client_hello.request" which is set in INACTIVE SID 3059 (SID 13711 is broken unless you also enable SID 3059).
>
> WARNING: SID 13714 depends on flowbit "tlsv1.client_hello.request" which is set in INACTIVE SID 3059 (SID 13714 is broken unless you also enable SID 3059).
>
> WARNING: SID 13710 depends on flowbit "tlsv1.client_hello.request" which is set in INACTIVE SID 3059 (SID 13710 is broken unless you also enable SID 3059).
>
> WARNING: SID 13585 depends on flowbit "csv.download" which is set in INACTIVE SID 13584 (SID 13585 is broken unless you also enable SID 13584).
>
> WARNING: SID 13713 depends on flowbit "tlsv1.client_hello.request" which is set in INACTIVE SID 3059 (SID 13713 is broken unless you also enable SID 3059).

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
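
Since Snort leaves these dependent rules enabled, the dependency check can be run over a ruleset before deployment. The Python below is an added example, not code from this thread or from Snort: it lists active rules that test a flowbit with `isset` when no active rule sets it. It assumes one rule per line and that disabled rules are commented out with `#`; the rule bodies are constructed, and only the SIDs and flowbit names of the first two pairs come from the warnings quoted above.

```python
import re
from collections import defaultdict

# Constructed sample ruleset: SIDs and flowbit names for the first two pairs come
# from the warnings above, rule bodies are invented; '#' marks a disabled rule.
SAMPLE_RULES = """\
# alert tcp any 80 -> any any (msg:"constructed setter"; flowbits:set,http.bmp; flowbits:noalert; sid:16205;)
alert tcp any 80 -> any any (msg:"constructed checker"; flowbits:isset,http.bmp; sid:13865;)
# alert tcp any any -> any 443 (msg:"constructed setter"; flowbits:set,tlsv1.client_hello.request; flowbits:noalert; sid:3059;)
alert tcp any 443 -> any any (msg:"constructed checker"; flowbits:isset,tlsv1.client_hello.request; sid:13712;)
alert tcp any any -> any 80 (msg:"constructed healthy setter"; flowbits:set,example.ok; flowbits:noalert; sid:1000001;)
alert tcp any 80 -> any any (msg:"constructed healthy checker"; flowbits:isset,example.ok; sid:1000002;)
"""

RULE_RE = re.compile(r"^\s*(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"\bflowbits\s*:\s*(\w+)\s*,\s*([^;,]+)")
SETTERS = {"set", "setx", "toggle"}   # operations that can turn a bit on


def broken_dependencies(rules_text):
    """Return sorted (sid, flowbit, inactive_setter_sids) for every active rule
    that tests a flowbit with isset while no active rule sets it."""
    setters = defaultdict(lambda: {True: set(), False: set()})
    checks = []
    for line in rules_text.splitlines():
        rule, sid = RULE_RE.match(line), SID_RE.search(line)
        if not rule or not sid:
            continue                      # blank line, plain comment, or no sid
        active, sid = rule.group(1) is None, int(sid.group(1))
        for op, names in FLOWBITS_RE.findall(line):
            for bit in re.split(r"[&|]", names):   # name1&name2 / name1|name2
                if op in SETTERS:
                    setters[bit.strip()][active].add(sid)
                elif op == "isset" and active:
                    checks.append((sid, bit.strip()))
    return sorted((sid, bit, sorted(setters[bit][False]))
                  for sid, bit in checks if not setters[bit][True])


if __name__ == "__main__":
    for sid, bit, inactive in broken_dependencies(SAMPLE_RULES):
        print(f"SID {sid} tests flowbit {bit!r}; setters only in inactive SIDs {inactive}")
```

Each reported rule can then be fixed either way the warnings suggest: enable the listed setter SID, or disable the dependent rule so it does not sit silently dead in the active set.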