[Snort-sigs] typo?

Brian bmc at ...95...
Tue Aug 13 10:47:03 EDT 2002


According to Tim Bandy:
> Just happened to find these while updating my rulesets, and wasn't
> sure if that was intentional.
> 
> % fgrep "reference::" rules/*.rules
> rules/exploit.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 110
> (msg:"POP3 USER overflow attempt"; flags:A+; dsize:>500; content:"USER
> "; nocase; reference:cve,CVE-1999-0494; reference::nessus,10311;
> classtype:attempted-admin; sid:1866; rev:1;)
> rules/exploit.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET 110
> (msg:"POP3 PASS overflow attempt"; flags:A+; dsize:>500; content:"PASS
> "; nocase; reference:cve,CAN-1999-1511; reference::nessus,10325;
> classtype:attempted-admin; sid:1634; rev:4;)

Yes, that is a typo.  Good catch.

-b




More information about the Snort-sigs mailing list