[Snort-sigs] signature nazi... attacks again

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Mon Mar 25 13:28:35 EST 2002

alert tcp any any -> [,,] any
(msg:"EXPERIMENTAL BAD TRAFFIC syn to multicast address"; flags:S+;
classtype:bad-traffic; sid:1431; rev:2;)

bad-traffic is not a defined classtype in the default snort configuration
file.  Does someone mean bad-unknown or misc-activity?

Looks like everything in bad-traffic.rules is bad-unkown or misc-activity.

More information about the Snort-sigs mailing list