[Snort-sigs] Duplicate Rule

Michael Scheidell scheidell at ...249...
Sat Jun 15 11:58:03 EDT 2002


> In oracle.rules, there are two rules that are identical except for the
> message, classtype and the SID.
Also in misc.rules for snort 1.8x rule sets.

> snortrulescurrent/rules/oracle.rules:alert tcp $EXTERNAL_NET any ->
> $SQL_SERVERS $ORACLE_PORTS (msg:"ORACLE EXECUTE_SYSTEM attempt";
> flow:to_server,established; content:"EXECUTE_SYSTEM"; nocase;
> classtype:system-call-detect; sid:1673; rev:3;)
Suggest we drop sid:1698?

-- 
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...249...
http://www.secnap.net/
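
The comparison made by eye in this thread can be scripted. The following is an added example, not part of the original post or of Snort's own tooling: it groups rules whose header and detection options are identical once the labelling options are ignored. Ignoring `rev`, `reference` and `priority` as well is an assumption, as is one rule per line; only the sid:1673 rule comes from the post, and the two `EXAMPLE` rules and their sids are constructed.

```python
import re
from collections import defaultdict

# Options that label a rule without changing what traffic it matches (assumed set).
METADATA = {"msg", "classtype", "sid", "rev", "reference", "priority"}
# One option: runs of plain chars, escaped chars, or quoted strings (which may hold ';').
OPTION = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')
RULE = re.compile(r"\s*(\w+\s+[^(]+?)\s*\((.*)\)\s*$")

def split_options(body):
    """Split a rule's option body on ';' while respecting quotes and escapes."""
    return [o.strip() for o in OPTION.findall(body) if o.strip()]

def parse_rule(line):
    """Return (sid, detection_key), or None for comments, blanks and sid-less rules."""
    m = RULE.match(line)
    if not m:
        return None
    header = " ".join(m.group(1).split())      # normalise whitespace in the header
    sid, detect = None, []
    for opt in split_options(m.group(2)):
        name, _, value = opt.partition(":")
        name = name.strip().lower()
        if name == "sid":
            sid = int(value)
        elif name not in METADATA:
            detect.append((name, value.strip()))  # order kept: modifiers follow content
    return None if sid is None else (sid, (header, tuple(detect)))

def find_duplicates(lines):
    """Return sorted lists of sids that share the same header and detection options."""
    groups = defaultdict(list)
    for sid, key in filter(None, map(parse_rule, lines)):
        groups[key].append(sid)
    return sorted(sorted(sids) for sids in groups.values() if len(sids) > 1)

HDR = "alert tcp $EXTERNAL_NET any -> $SQL_SERVERS $ORACLE_PORTS "
RULES = [
    # Rule quoted in the post.
    HDR + '(msg:"ORACLE EXECUTE_SYSTEM attempt"; flow:to_server,established; '
          'content:"EXECUTE_SYSTEM"; nocase; classtype:system-call-detect; sid:1673; rev:3;)',
    # Constructed twin: same detection, different msg, classtype and sid.
    HDR + '(msg:"EXAMPLE twin; same match"; flow:to_server,established; '
          'content:"EXECUTE_SYSTEM"; nocase; classtype:misc-activity; sid:1000001; rev:1;)',
    # Constructed rule with different content; must not be grouped.
    HDR + '(msg:"EXAMPLE other"; flow:to_server,established; '
          'content:"EXAMPLE_PROC"; nocase; classtype:misc-activity; sid:1000002; rev:1;)',
]

if __name__ == "__main__":
    print(find_duplicates(RULES))
```

Running it over the lines of several `.rules` files at once also catches duplicates that live in different files, such as the `misc.rules` case mentioned above.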




