[Snort-sigs] How and why are older entries dropped
bmc at ...95...
Wed Sep 19 05:39:10 EDT 2001
According to Marc Eggenberger:
> I just downloaded the newest sigs off the cvs tree and I made a diff between
> the ones I am running now ... I found that some entries are not existing in
> the new one anymore. For example in the web-iis.rules v1.17 there was an
> entry codebrowser access which checked the uri for content
> /selector/showcode.asp ... this isnt existing in the web-iis.rules 1.23
> anymore. Why is this? In my understanding you should leave older exploits ..
> or was it wrong? if so is there any history files discribing which entries
> have been dropped and why?
grep showcode.asp *.rules
It still exists in web-iis.rules
More information about the Snort-sigs