Open ended port ranges not correctly handled
duanehoward opened this issue · comments
Rules which contain a port range like [1024:] throw a parsing error.
This is mostly resolved, need to consider the validity of 0 as a port.
google / gonids
gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/