[Snort-sigs] Discrepancy between rule files and sid-msg.map
brennen-ml at ...2699...
Wed Aug 4 13:37:18 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
I am trying to sort out why the alerts with SIDs ranging from 2507 to 2523 are incorrectly listed in the sid-msg.map. Many of the alerts are missing from the sid-msg.map file while others are incorrectly labeled in the file. One example is "WEB-MISC PCT Client_Hello overflow attempt". This alert is present in all ruleset tarballs available and in the web-misc.rules file has a SID of 2515. However, in the sid-msg.map (of all the available tarballs) it is listed with a SID of 2511 and there is no alert listed with SID 2515. Can anyone explain this? Thanks.
Brennen Reynolds - Chief Consultant/Owner - Off-Piste Consulting, LLC
Email: brennen at off-pisteconsulting dot com Voice: (209) 258-4584
WWW: http://www.off-pisteconsulting.com Fax: (209) 258-4584
E868 8B0D 175D 7394 E7AE 9E71 38CC 2B63 A1EB 9D9F
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
-----END PGP SIGNATURE-----
More information about the Snort-sigs