[Snort-sigs] RE: [snort-cvs] CVS: snort - cazz

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Sun Jan 26 11:34:08 EST 2003


Also, I noticed that the ftp rules were just commented out in the
ftp.rules file... if they're in the deleted rules file should they be
removed from here?


-----Original Message-----
From: Kreimendahl, Chad J 
Sent: Sunday, January 26, 2003 12:10 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] RE: [snort-cvs] CVS: snort - cazz



Quick question about the large list of newly deleted rules.  I noticed a
ton of DeepThroat rules removed... with a note above them talking about
the back orifice preprocessor.  Does this mean that spp_bo is supposed
to catch all of those rules?

Also, the following comment:
# The following ftp rules look for specific exploits, which are not needed now
# that initial protocol decoding is available.

Is there an ftp preprocessor/decoder out there? I don't see it in the
current CVS.

-----Original Message-----
From: Brian Caswell [mailto:cazz at ...592...] 
Sent: Saturday, January 25, 2003 8:17 PM
To: snort-cvsinfo at lists.sourceforge.net
Subject: [snort-cvs] CVS: snort - cazz


CVSROOT:	/cvsroot/snort
Module name:	snort
Changes by:	cazz at ...1218...	2003/01/25 18:16:40

Modified files:
	etc            : sid sid-msg.map 
	rules          : deleted.rules ftp.rules policy.rules sql.rules 
Added files:
	doc/signatures : 2003.txt 

Log message:
* move some policy rules to policy.rules
* move some deleted rules to deleted.rules
* add sid:2003 - rule for the Slammer worm (MS SQL Buff overflow #30052342)



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-cvsinfo mailing list
Snort-cvsinfo at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-cvsinfo

