[Snort-sigs] SID 271

Brian bmc at ...95...
Tue Feb 12 08:13:09 EST 2002


According to Jon Hart:
> > Rule:  
> > alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP Bomb";
> > classtype:attempted-dos; sid:271; rev:1;) 
> 
> I'd also vote for a more descriptive message:
> 
> alert udp any 19 <> $HOME_NET 7 (msg:"DOS UDP echo+chargen Bomb"; \
> classtype:attempted-dos; sid:271; rev:2;) 

Agreed.  The change will commited later today at the earliest,
tommorow at the latest.

-- 
He must have the attention span of a ... oh look, flashy lights.





More information about the Snort-sigs mailing list