[Snort-sigs] Issue with rule sid 255

Geoff Craig GCraig at ...1467...
Fri Apr 25 08:38:09 EDT 2003


Hey Brian,

I have had this same issue with Snort versions 1.8.7, 1.9.1, and now
2.0.0.  I am running Snort on a Windows 2000 Server and am getting all
other relevant alerts.  As soon as I made the modification to the rule I
started getting alerts for it as well.  

PS Should we continue this discussion off list?  

Geoff Craig
Infrastructure Architect
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world.

-----Original Message-----
From: Brian [mailto:bmc at ...95...] 
Sent: Friday, April 25, 2003 10:46 AM
To: Geoff Craig
Cc: snort-sigs at lists.sourceforge.net

On Fri, Apr 25, 2003 at 08:53:43AM -0500, Geoff Craig wrote:
> Attached are two windump files (I set the snaplen to 1500).  I totally
> agree with you in that the offset should work, but we are talking MS DNS
> servers here. *wink*
> 
> PS The dumps are from a lab so you will see IPs etc.

Uh, these alerted just fine in snort 2.0 with the default rule (that
included offsets).  Can you upgrade to 2.0 and see if you still have
the issue?

-brian





