[Snort-sigs] truncated msg string

Ian Macdonald secsnortsigs at ...644...
Fri Aug 9 07:50:02 EDT 2002

Previous message (by thread): [Snort-sigs] Sig for counting packets?
Next message (by thread): [Snort-sigs] Shellocode x86 inc ebx signatures
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

With 1.8

the signature

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP \"CWD /\" possible
warez site"; flags:A+; content:"CWD / "; nocase; depth: 6;
classtype:misc-activity; sid:545;  rev:3;)

Was logged in the signature database as just "FTP" rather than FTP \CWD

Not sure exactly what is wrong with the sig but thought I would mention it.

Ian

Previous message (by thread): [Snort-sigs] Sig for counting packets?
Next message (by thread): [Snort-sigs] Shellocode x86 inc ebx signatures
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Snort-sigs mailing list