Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Re: [Snort-sigs] Bad escape sequence?

from [Ali Eghtessadi] Network Security [Permanent Link]
Subject: Re: [Snort-users] Re: [Snort-sigs] Bad escape sequence?
Date: Fri, 30 Sep 2005 08:16:42 -0700 
Speedy gonzales CIO

sekure wrote:

That was what I tried after i fired off the email and it worked.

Thanks!

On 9/30/05, Joel Esler <joel.esler@sourcefire.com> wrote:


you may not need to escape it anymore.  remove the "\"

J
On Sep 30, 2005, at 9:31 AM, sekure wrote:



I have a rule in my local.rules that i picked up somewhere on the
mailing lists:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"IE suspicious
access to WSH (Windows Script Host)"; flow: from_server,established;
content:"object"; nocase; content:"id"; nocase; content:"wsh"; nocase;
content:"classid"; nocase; content:"clsid\:"; nocase;
content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; nocase; content:"\/";
nocase; content:"object"; nocase; reference: url,
http.www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm;
classtype:misc-attack; sid:1000042; rev:1;)

I just upgraded from 2.4.0 to 2.4.2 and upon launching snort i get:
"bad escape sequence starting with "\/". Fatal Error, Quitting.."
This used to work with 2.4.0 and before.  What changed?

Thanks,


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs








-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users



--
Ali Eghtessadi
Chief Information Officer
Babcock & Brown
Phone : 415-267-1626
Email : ali@babcockbrown.com





This email message may contain information that is confidential and proprietary to Babcock & Brown or a third party. If you are not the intended recipient, please contact the sender and destroy the original and any copies of the original message. Babcock & Brown takes measures to protect the content of its communications. However, Babcock & Brown cannot guarantee that email messages will not be intercepted by third parties or that email messages will be free of errors or viruses. 

If you do not wish to receive any further e-mail from Babcock & Brown, please 
send an email to opt-out@babcockbrown.com.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] Snort performance concerns, Joshua Berry
Next by Date:  Re: [Snort-users] Snort performance concerns, Joel Esler
Previous by Thread:  [Snort-users] Re: [Snort-sigs] Bad escape sequence?, sekure
Next by Thread:  [Snort-users] Snort exit status, sekure
Indexes:  [Date] [Thread] [Top] [All Lists]