[Snort-sigs] Discrepancy between rule files and sid-msg.map
bmc at ...95...
Wed Aug 4 14:27:06 EDT 2004
On Wed, Jul 28, 2004 at 01:06:12PM -0700, Brennen Reynolds wrote:
> I am trying to sort out why the alerts with SIDs ranging from 2507
> to 2523 are incorrectly listed in the sid-msg.map. Many of the
> alerts are missing from the sid-msg.map file while others are
> incorrectly labeled in the file. One example is "WEB-MISC PCT
> Client_Hello overflow attempt". This alert is present in all ruleset
> tarballs available and in the web-misc.rules file has a SID of 2515.
> However, in the sid-msg.map (of all the available tarballs) it is
> listed with a SID of 2511 and there is no alert listed with SID
> 2515. Can anyone explain this? Thanks.
Yep, sig-msg.map needs regeneration. I'll regen it during next rule
More information about the Snort-sigs