[Snort-sigs] Arachnids References

John Berkers berjo at ...66...
Tue Aug 21 09:20:19 EDT 2001


Brian,

I promised a couple of weeks back that I would cross-check the Arachnids
references of the Snort rules.  Here is a list of the rules that I found
that didn't quite match.

Rules file	Sig Name			Cur Ref	New Ref	Match Method
dns.rules	DNS named iquery attempt	134	277	Content & Sig Name
exploit.rules	EXPLOIT imap x86 linux overflow	130	147	Signature name -
Various sigs in exploit.rules, diff content
finger.rules	FINGER bomb attempt		382	381	Content & Sig Name
icmp-info.rules	ICMP PING Pinger Windows	163	165	Content & Sig Name
smtp.rules	SMTP expn root			21	31	Content & Sig Name
telnet.rules	TELNET ld_library_path		367	368	Content & Sig Name
web-iis.rules	WEB-IIS jet vba access		286	-	No match in ARACHNIDS

Wrapping may break some of the lines in undesirable places.  Let me know it
you would rather I send this as a text file attachment.  Also let me know if
you disagree on some of the references.

Regards,

John Berkers                                       ICQ: 112912
Network Operations Infrastructure Support - Hansen Corporation
john.berkers at ...78...               berjo at ...66...





More information about the Snort-sigs mailing list