Bug #1991: Suricata cannot parse ports: "![1234, 1235]" - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1991

closed

Suricata cannot parse ports: "![1234, 1235]"

Added by ajaxtpm ajaxtpm almost 8 years ago. Updated almost 8 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Andreas Herz

Target version:

3.2.1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Have found small inconsistency when suricata parse ports list in signature

alert tcp any any -> any ![1234,1235] (msg:"Test rule 1"; flow:to_server; sid:1; rev:1;)
    alert tcp any any -> any [!1234, !1235] (msg:"Test rule 2"; flow:to_server; sid:2; rev:1;)
    alert tcp any any -> any ![1234, 1235] (msg:"Test rule 3"; flow:to_server; sid:3; rev:1;)

suricata cannot parse the 3rd signature: error parsing signature "alert tcp any any -> any ![1234, 1235]

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1991

Suricata cannot parse ports: "![1234, 1235]"

Updated by Andreas Herz almost 8 years ago

Updated by Andreas Herz almost 8 years ago

Updated by ajaxtpm ajaxtpm almost 8 years ago

Updated by Victor Julien almost 8 years ago