[Snort-sigs] BAD TRAFFIC Non-Standard IP protocol

Matt Kettler mkettler at ...189...
Thu Sep 11 11:33:33 EDT 2003


At 04:09 PM 9/10/2003 +0200, Daniél Haslinger wrote:
>Comment: The Author if the original rule forgot to include IP_PROTO:!17
>(UDP), without this Snort will trigger every UDP Packet as BAD TRAFFIC Non-
>Standard IP protocol, but UDP in my opinion IS!

While you have a valid point, you should make clear that the rule in 
question, sid:1620, is as far as I know not a part of the active snort ruleset.

There's a reason why "deleted.rules" is called "deleted"... they're known 
to be ineffective and/or broken :)

At least, it was in deleted.rules in 2.0.1, I haven't checked the latest 
cvs's. I can't imagine anyone would have resurrected it from the trashheap 
without fixing it first.








More information about the Snort-sigs mailing list