[Snort-sigs] Signature conflict- old and new revision both presen t

HQ-Pravinkumar Taneja pravin.taneja at ...502...
Tue Apr 9 20:55:03 EDT 2002


Hi,

I just found that in dns.rules file there are two entries of signatures with
sid:257-
 
Line 7        alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS named
version attempt"; flags:A+;  content:"|07|version"; offset:12;
content:"|04|bind"; nocase; offset: 12; reference:arachnids,278;
classtype:attempted-recon; sid:257; rev:2;)
 
Line 8        alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS named
version attempt"; content:"|07|version"; offset:12; content:"|04|bind";
nocase; offset: 12; reference:arachnids,278; classtype:attempted-recon;
sid:257; rev:1;)
 
is it a mistake that old revision is still present in the file?

thanks

Pravin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20020409/4b342b81/attachment.html>


More information about the Snort-sigs mailing list