Project

General

Profile

Actions

Feature #261

closed

flow option "only_stream"

Added by Peter Manev about 14 years ago. Updated almost 13 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

invalid flow option "only_stream"

Example:

[9838] 20/12/2010 -- 11:50:19 - (detect-flow.c:259) <Error> (DetectFlowParse) -- [ERRCODE: SC_ERR_INVALID_VALUE(128)] - invalid flow option "only_stream"

[9838] 20/12/2010 -- 11:50:19 - (detect.c:526) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Error parsing signature "alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"WEB-MISC Microsoft Internet Explorer 7 html object memory corruption attempt"; flow:to_client, established, only_stream; content:"HTTP/1.1 304 Not Modified"; content:"HTTP/1.1 304 Not Modified"; distance:0; detection_filter:track by_src, count 20, seconds 1; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:cve,2007-0947; classtype:misc-activity; sid:16008; rev:5;)" from file /etc/suricata/rules/web-misc.rules at line 612


Files

OnlyStream.bmp (1.96 MB) OnlyStream.bmp only_stream option - Snort Manual Peter Manev, 04/06/2011 08:40 AM
Actions

Also available in: Atom PDF