[Snort-sigs] typo?

Tim Bandy bandy at ...749...
Tue Aug 13 10:13:06 EDT 2002

Just happened to find these while updating my rulesets, and wasn't
sure if that was intentional.

% fgrep "reference::" rules/*.rules
rules/exploit.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 110
(msg:"POP3 USER overflow attempt"; flags:A+; dsize:>500; content:"USER
"; nocase; reference:cve,CVE-1999-0494; reference::nessus,10311;
classtype:attempted-admin; sid:1866; rev:1;)
rules/exploit.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 110
(msg:"POP3 PASS overflow attempt"; flags:A+; dsize:>500; content:"PASS
"; nocase; reference:cve,CAN-1999-1511; reference::nessus,10325;
classtype:attempted-admin; sid:1634; rev:4;)

Tim Bandy (bandy at ...749...)

More information about the Snort-sigs mailing list