Actions
Feature #1282
closedsupport for base64_decode from snort's ruleset
Description
I'm running pfSense 2.1.5-RELEASE (amd64) on (nano) FreeBSD 8.3-RELEASE-p16 with Suricata 2.0.3 pkg v2.0.2 and snortrules-snapshot-2962.tar.gz with snort 'balanced' IPS rules. I'm seeing the following in my logs:
18/9/2014 -- 14:04:22 - <Error> -- [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'base64_decode'.
There seem to be only a few snort rules that cough up this message.
Updated by Peter Manev about 10 years ago
Updated by Victor Julien about 10 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to 3.0RC2
Updated by Duane Howard about 9 years ago
Any updates on this? I'd love to see this in 2.1 final.
Updated by Jason Ish about 9 years ago
Looks like base64_data would also be required. base64_decode decodes the data, base64_data sets the cursor for pattern matching. Probably doesn't make sense to do one without the other.
Updated by Victor Julien about 9 years ago
- Target version changed from 3.0RC2 to 70
Updated by Victor Julien almost 9 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 3.0RC1
- % Done changed from 0 to 100
Actions