[Snort-sigs] SID 332 and 325 seems the same

[Anton Chuvakin]

alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER 0 query";
flow:to_server,established; content:"0"; reference:nessus,10069;
reference:arachnids,378; reference:arachnids,131;
reference:cve,CAN-1999-0197; classtype:attempted-recon; sid:332;
rev:5;)

vs

alert tcp $EXTERNAL_NET any -> $HOME_NET 79 (msg:"FINGER probe 0
attempt"; flow:to_server,established;
content:"0";reference:arachnids,378; classtype:attempted-recon;
sid:325; rev:3;)

-- 
  Anton A. Chuvakin, Ph.D., GCIA
     http://www.chuvakin.org
   http://www.info-secure.org