[Snort-sigs] Rule #2000900

Matthew Jonkman matt at ...2436...
Thu Jul 29 07:23:04 EDT 2004


I am also catching a lot of things not caught before with that rule. 
Seeing a lot of tcp traffic too.

Anyway, the sid map was broken, thanks for pointing that out. I didn't 
adjust the scripts when I moved the malware rules. It's fixed now. Thanks

Matt

Ole-Martin wrote:

> Hi!
> 
> I just wanted to say I've found good use of the 2000900 rule in
> bleeding (BLEEDING-EDGE Malware JoltID Agent Probing or Announcing
> UDP).
> 
> I think it might be included with KaZaA now and that makes it easy to
> find machines that violates company policy.
> 
> Why isn't 20009xx rules in bleeding-sid-msg.map ?
> 
> 
> --
> Ole-Martin
> 
>




More information about the Snort-sigs mailing list