[Snort-sigs] rule revision tracking

John Nagro john.nagro at ...2420...
Fri Jul 9 12:26:09 EDT 2004


Sorry for the empty message.

-John

On Fri, 9 Jul 2004 15:25:00 -0400, John Nagro <john.nagro at ...2420...> wrote:
> I might be missing something, but I don't think ACID displays this kind
> of data? Am I wrong?
> 
> Thanks for the tips though, I might be able to figure something else out.
> 
> -John
> 
> 
> 
> On Fri, 09 Jul 2004 12:29:43 -0400, Matthew Watchinski
> <mwatchinski at ...435...> wrote:
> > Most output modes / plugins (I think all of them) return the gen:sid:rev
> >
> > 07/09-12:26:12.591044  [**]
> >
> > [1:1417:9] = gen_id 1 , sid 1417 , rev 9
> >
> >  SNMP request udp [**] [Classification: Attempted Information Leak]
> > [Priority: 2] {UDP} 10.4.10.52:1029 -> 10.1.1.204:161
> > 07/09-12:26:12.591044 0:C:29:96:DF:A2 -> 0:F:24:2A:50:30 type:0x800 len:0x7C
> > 10.4.10.52:1029 -> 10.1.1.204:161 UDP TTL:128 TOS:0x0 ID:21184 IpLen:20
> > DgmLen:106
> > Len: 78
> > 30 4C 02 01 00 04 06 70 75 62 6C 69 63 A0 3F 02  0L.....public.?.
> > 02 04 EC 02 01 00 02 01 00 30 33 30 0F 06 0B 2B  .........030...+
> > 06 01 02 01 19 03 02 01 05 01 05 00 30 0F 06 0B  ............0...
> > 2B 06 01 02 01 19 03 05 01 01 01 05 00 30 0F 06  +............0..
> > 0B 2B 06 01 02 01 19 03 05 01 02 01 05 00        .+............
> >
> > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> >
> > Cheers,
> > -matt
> >
> >
> >
> > John Nagro wrote:
> >
> > >With the fairly frequent changes to rule sets (especially in bleedingsnort and
> > >custom rules made up as a rapid response to an attack/virus/etc) it would be nice
> > >to be able to tell which revision # of a rule set off an alert in question. I don't
> > >think there is currently any way to track this, but if there is could someone clue
> > >me in?
> > >
> > >Thanks!
> > >
> > >-John
>
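
Added example (not part of the original thread and not Snort project code): a short Python parser that pulls the gen_id:sid:rev triple described in Matthew's reply out of alert lines and reports which revisions of each rule fired. The sample alert lines, including sid 1000001 and the rev 8 entry, are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the "[**] [gen_id:sid:rev] message [**]" part of a Snort alert line.
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")

# Constructed sample input, modelled on the alert quoted in the thread.
SAMPLE_ALERTS = """\
07/09-12:26:12.591044  [**] [1:1417:9] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.4.10.52:1029 -> 10.1.1.204:161
07/08-09:10:01.000123  [**] [1:1417:8] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.4.10.52:1027 -> 10.1.1.204:161
07/09-12:30:45.120000  [**] [1:1000001:2] LOCAL custom rapid-response rule [**] [Priority: 1] {TCP} 10.4.10.60:4444 -> 10.1.1.10:80
this line is not an alert and is skipped
"""

def parse_alert(line):
    """Return (gen_id, sid, rev, msg) for an alert line, or None if no match."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    gen_id, sid, rev = (int(g) for g in m.group(1, 2, 3))
    return gen_id, sid, rev, m.group(4)

def revisions_by_rule(text):
    """Map (gen_id, sid) -> {rev: alert count} over all alert lines in text."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        parsed = parse_alert(line)
        if parsed:
            gen_id, sid, rev, _ = parsed
            seen[(gen_id, sid)][rev] += 1
    return {rule: dict(revs) for rule, revs in seen.items()}

def mixed_revision_rules(text):
    """Rules that alerted under more than one revision (rule changed mid-log)."""
    return sorted(r for r, revs in revisions_by_rule(text).items() if len(revs) > 1)

if __name__ == "__main__":
    for (gen_id, sid), revs in sorted(revisions_by_rule(SAMPLE_ALERTS).items()):
        print(f"gen_id={gen_id} sid={sid} revs={revs}")
    print("alerted under multiple revisions:", mixed_revision_rules(SAMPLE_ALERTS))
```
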



