[Snort-sigs] Issue with rule sid 255

Brian bmc at ...95...
Fri Apr 25 08:33:06 EDT 2003


On Fri, Apr 25, 2003 at 08:53:43AM -0500, Geoff Craig wrote:
> Attached are two windump files (I set the snaplen to 1500).  I totally
> agree with you in that the offset should work, but we are talking MS DNS
> servers here. *wink*
> 
> PS The dumps are from a lab so you will see IP's etc.

Uh, these alerted just fine in snort 2.0 with the default rule (that
included offsets)  Can you upgrade to 2.0 and see if you still have
the issue?

-brian




More information about the Snort-sigs mailing list