[Snort-sigs] Rule #2000900
matt at ...2436...
Thu Jul 29 07:23:04 EDT 2004
I am also catching a lot of things not caught before with that rule.
Seeing a lot of tcp traffic too.
Anyway, the sid map was broken, thanks for pointing that out. I didn't
adjust the scripts when I moved the malware rules. It's fixed now. Thanks
> I just wanted to say I've found good use of the 2000900 rule in
> bleeding (BLEEDING-EDGE Malware JoltID Agent Probing or Announcing
> I think it might be included with KaZaA now and that makes it easy to
> find machines that violates company policy.
> Why isn't 20009xx rules in bleeding-sid-msg.map ?
More information about the Snort-sigs