Project

General

Profile

Actions
Copy link

Bug #1991

closed

Suricata cannot parse ports: "![1234, 1235]"

Added by ajaxtpm ajaxtpm over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Andreas Herz
Target version:
3.2.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Have found small inconsistency when suricata parse ports list in signature

alert tcp any any -> any ![1234,1235] (msg:"Test rule 1"; flow:to_server; sid:1; rev:1;)
    alert tcp any any -> any [!1234, !1235] (msg:"Test rule 2"; flow:to_server; sid:2; rev:1;)
    alert tcp any any -> any ![1234, 1235] (msg:"Test rule 3"; flow:to_server; sid:3; rev:1;)

suricata cannot parse the 3rd signature: error parsing signature "alert tcp any any -> any ![1234, 1235]

Actions
Copy link
 #1

Updated by Andreas Herz over 7 years ago

  • Assignee set to Andreas Herz
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Andreas Herz over 7 years ago

  • Status changed from New to Closed
Actions
Copy link
 #3

Updated by ajaxtpm ajaxtpm over 7 years ago

Thank you guys!

Actions
Copy link
 #4

Updated by Victor Julien over 7 years ago

  • Target version changed from TBD to 3.2.1
Actions
Copy link

Also available in: Atom PDF