[Snort-sigs] signature nazi... attacks again

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Mon Mar 25 13:28:35 EST 2002


alert tcp any any -> [232.0.0.0/8,233.0.0.0/8,239.0.0.0/8] any
(msg:"EXPERIMENTAL BAD TRAFFIC syn to multicast address"; flags:S+;
classtype:bad-traffic; sid:1431; rev:2;)


bad-traffic is not a defined classtype in the default snort configuration
file.  Does someone mean bad-unknown or misc-activity?

Looks like everything in bad-traffic.rules is bad-unkown or misc-activity.




More information about the Snort-sigs mailing list