[Snort-sigs] RE: [snort-cvs] CVS: snort - cazz

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Sun Jan 26 10:11:02 EST 2003

Quick question about the large list of newly deleted rules.  I noticed a
ton of DeepThroat rules removed... with a note above them talking about
the back orifice preprocessor.  Does this mean that spp_bo is supposed
to catch all of those rules?

Also, the following comment:
# The following ftp rules look for specific exploits, which are not
needed now
# that initial protocol decoding is available.

Is there an ftp preprocessor/decoder out there? I don't see it in the
current CVS.

-----Original Message-----
From: Brian Caswell [mailto:cazz at ...592...] 
Sent: Saturday, January 25, 2003 8:17 PM
To: snort-cvsinfo at lists.sourceforge.net
Subject: [snort-cvs] CVS: snort - cazz

CVSROOT:	/cvsroot/snort
Module name:	snort
Changes by:	cazz at ...1218...	2003/01/25 18:16:40

Modified files:
	etc            : sid sid-msg.map 
	rules          : deleted.rules ftp.rules policy.rules sql.rules 
Added files:
	doc/signatures : 2003.txt 

Log message:
* move some policy rules to policy.rules
* move some deleted rules to deleted.rules
* add sid:2003 - rule for the Slammer worm (MS SQL Buff overflow

This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
Snort-cvsinfo mailing list
Snort-cvsinfo at lists.sourceforge.net

More information about the Snort-sigs mailing list