[Snort-sigs] Discrepancy between rule files and sid-msg.map

Brennen Reynolds brennen-ml at ...2699...
Wed Aug 4 13:37:18 EDT 2004


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am trying to sort out why the alerts with SIDs ranging from 2507 to 2523 are incorrectly listed in the sid-msg.map. Many of the alerts are missing from the sid-msg.map file while others are incorrectly labeled in the file. One example is "WEB-MISC PCT Client_Hello overflow attempt". This alert is present in all ruleset tarballs available and in the web-misc.rules file has a SID of 2515. However, in the sid-msg.map (of all the available tarballs) it is listed with a SID of 2511 and there is no alert listed with SID 2515. Can anyone explain this? Thanks.

Brennen Reynolds

- --
Brennen Reynolds - Chief Consultant/Owner - Off-Piste Consulting, LLC
 
Email: brennen at off-pisteconsulting dot com  Voice:  (209) 258-4584
WWW:   http://www.off-pisteconsulting.com      Fax:    (209) 258-4584
 
PGP Fingerprint:
E868 8B0D 175D 7394 E7AE  9E71 38CC 2B63 A1EB 9D9F 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBQQgHMzjMK2Oh652fEQIaLQCggrTm3QOzm/hVfu/oD1TBwtEtckQAoJ43
ybyYaGVaOrmxujLWnEqc5LTn
=4HnT
-----END PGP SIGNATURE-----





More information about the Snort-sigs mailing list