Project

General

Profile

Actions

Bug #2250

closed

detect: mixing byte_extract and isdataat leads to FP & FN

Added by Victor Julien over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Rule parsing is implemented, but rule matching is not.

Reported by Harley H https://lists.openinfosecfoundation.org/pipermail/oisf-users/2017-October/007502.html


Files

Byte_extract_isdataat_test.pcap (721 Bytes) Byte_extract_isdataat_test.pcap Victor Julien, 10/21/2017 03:36 AM
testing.rules (1.16 KB) testing.rules Victor Julien, 10/21/2017 03:36 AM
Actions

Also available in: Atom PDF