[Snort-sigs] BAD TRAFFIC Non-Standard IP protocol
mkettler at ...189...
Thu Sep 11 11:33:33 EDT 2003
At 04:09 PM 9/10/2003 +0200, Daniél Haslinger wrote:
>Comment: The Author if the original rule forgot to include IP_PROTO:!17
>(UDP), without this Snort will trigger every UDP Packet as BAD TRAFFIC Non-
>Standard IP protocol, but UDP in my opinion IS!
While you have a valid point, you should make clear that the rule in
question, sid:1620, is as far as I know not a part of the active snort ruleset.
There's a reason why "deleted.rules" is called "deleted"... they're known
to be ineffective and/or broken :)
At least, it was in deleted.rules in 2.0.1, I haven't checked the latest
cvs's. I can't imagine anyone would have resurrected it from the trashheap
without fixing it first.
More information about the Snort-sigs