[Snort-sigs] Issue with rule sid 255
GCraig at ...1467...
Fri Apr 25 08:38:09 EDT 2003
I have had this same issue with Snort versions 1.8.7, 1.9.1, and now
2.0.0. I am running Snort on a Windows 2000 Server and am getting all
other relevant alerts. As soon as I made the modification to the rule I
started getting alerts for it as well.
PS Should we continue this discussion off list?
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world.
From: Brian [mailto:bmc at ...95...]
Sent: Friday, April 25, 2003 10:46 AM
To: Geoff Craig
Cc: snort-sigs at lists.sourceforge.net
On Fri, Apr 25, 2003 at 08:53:43AM -0500, Geoff Craig wrote:
> Attached are two windump files (I set the snaplen to 1500). I totally
> agree with you in that the offset should work, but we are talking MS
> servers here. *wink*
> PS The dumps are from a lab so you will see IP's etc.
Uh, these alerted just fine in snort 2.0 with the default rule (that
included offsets) Can you upgrade to 2.0 and see if you still have
More information about the Snort-sigs