Bug #496
closed
rule analyzer: depth/offset warning makes no sense for tcp-pkt sig
Description
== Sid: 2 ==
alert tcp-pkt any any -> any any (content:"abc"; depth:3; sid:2; rev:1;)
Rule matches on packets.
Rule contains 1 content options, 0 http content options, 0 pcre options, and 0 pcre options with http modifiers.
Warning: TCP rule without a flow or flags option.
-Consider adding flow or flags to improve performance of this rule.
Warning: Rule has depth/offset with raw content keywords. Please note the offset/depth will be checked against both packet payloads and stream. If you meant to have the offset/depth checked against just the payload, you can update the signature as "alert tcp-pkt..."

Sig is not inspecting stream, so warning is not relevant.