[Snort-sigs] How and why are older entries dropped

Marc Eggenberger me at ...116...
Wed Sep 19 05:03:08 EDT 2001


Hi there.

Hope my head doesn't get chopped off ;-)

I just downloaded the newest sigs off the cvs tree and I made a diff between
the ones I am running now ... I found that some entries are not existing in
the new one anymore. For example in the web-iis.rules v1.17 there was an
entry codebrowser access which checked the uri for content
/selector/showcode.asp ... this isnt existing in the web-iis.rules 1.23
anymore. Why is this? In my understanding you should leave older exploits ..
or was it wrong? if so is there any history files discribing which entries
have been dropped and why?

--
mfg
Marc





More information about the Snort-sigs mailing list