Actions
Bug #4548
closedrules: Unable to find the sm in any of the sm lists
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0
Description
I want to detect dns.flags.response==0 and dns.query is "test" or "abc" or "sdf".
alert dns any any -> any any (msg:"DNS_解析请求";byte_test:1,<,0x80,2;dns.query;pcre:"/test|abc|sdf/";sid:1;)
but this alerted "Unable to find the sm in any of the sm lists".
If modify the rule to:alert dns any any -> any any (msg:"DNS_解析请求";dns.query;pcre:"/test|abc|sdf/";sid:1;)
oralert dns any any -> any any (msg:"DNS_解析请求";byte_test:1,<,0x80,2;sid:1;)
These are ok. So,Why is this error reported.
Updated by Victor Julien almost 3 years ago
- Target version changed from 6.0.2 to 6.0.3
- Label Needs backport to 5.0 added
This should be fixed in master by 9dd1444f4431731bf4917488e0abec0d9a46fdcc, so we'll need a backport (also to 5)
Updated by Victor Julien almost 3 years ago
- Target version changed from 6.0.3 to 6.0.4
Updated by Victor Julien almost 3 years ago
- Subject changed from Unable to find the sm in any of the sm lists to rules: Unable to find the sm in any of the sm lists
- Status changed from New to Assigned
- Assignee set to Shivani Bhardwaj
Updated by Jeff Lucovsky over 2 years ago
- Copied to Bug #4647: rules: Unable to find the sm in any of the sm lists added
Updated by Shivani Bhardwaj over 2 years ago
- Status changed from Assigned to In Review
Updated by Victor Julien over 2 years ago
- Status changed from In Review to Closed
Actions