[Snort-devel] "deleted.rules" some problems.

John D. lists at ...1653...
Sun Mar 16 19:21:20 EST 2003


I know that in normal circumstances, one would not want to use the Snort rules in the "deleted.rules" file, but there are two rules I want to bring to the attention of the Snort development community.

In particular: [1:113:4] BACKDOOR DeepThroat access causes Snort to crash. Do we really need this rule to be in there?

A number of my clients pointed this out, and I set up their system to frequently download the latest rules, and sometimes they like to include this one, despite repeated warnings not to use it. There is also one other rule in there that triggers on EVERY packet.

[1:1620:3] BAD TRAFFIC Non-Standard IP protocol

Has anyone bothered to verify my claim, and what is the normal procedure for reporting these kinds of problems...

