[Snort-sigs] Rule #2000900
olebakk at ...2420...
Thu Jul 29 14:15:04 EDT 2004
Rule 2000428 is also missing from the sid by the way... :)
Some others might be missing as well...
linux:/etc/snort/rules # cat bleeding-sid-msg.map | grep 2000 |wc -l
linux:/etc/snort/rules # grep sid:2000 bleeding*rules* | wc -l
I'm not complaining though - I could just write a script to handle
this the proper way including my local.rules, just thought you'd like
On Thu, 29 Jul 2004 09:22:29 -0500, Matthew Jonkman <matt at ...2436...> wrote:
> I am also catching a lot of things not caught before with that rule.
> Seeing a lot of tcp traffic too.
> Anyway, the sid map was broken, thanks for pointing that out. I didn't
> adjust the scripts when I moved the malware rules. It's fixed now. Thanks
> Ole-Martin wrote:
> > Hi!
> > I just wanted to say I've found good use of the 2000900 rule in
> > bleeding (BLEEDING-EDGE Malware JoltID Agent Probing or Announcing
> > UDP).
> > I think it might be included with KaZaA now and that makes it easy to
> > find machines that violate company policy.
> > Why aren't the 20009xx rules in bleeding-sid-msg.map ?
> > --
> > Ole-Martin
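
Added example, not part of the original thread or of the Bleeding Snort scripts: the two `wc -l` counts above only show that the rule files and the map disagree, so this sketch lists which SIDs are absent from the map and which map entries have no rule. It assumes the usual `sid || msg || reference` layout of a sid-msg.map file; the function names and all sample rule text are constructed for illustration.

```python
import re

# Constructed sample input; only SIDs 2000900 and 2000428 appear in the thread.
SAMPLE_RULES = r'''
alert udp any any -> any any (msg:"EXAMPLE probe"; sid:2000900; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE split rule"; \
    flow:established; sid: 2000428; rev:2;)
alert tcp any any -> any any (msg:"EXAMPLE local rule"; sid:1000001; rev:1;)
#alert tcp any any -> any any (msg:"EXAMPLE disabled"; sid:1000003; rev:1;)
'''
SAMPLE_MAP = '''
# sid || msg || optional references
1000001 || EXAMPLE local rule
1000002 || EXAMPLE stale entry || url,example.invalid/ref
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:\\.|[^"\\])*)"\s*;')

def parse_rules(text):
    """Return {sid: msg} for every enabled rule; commented rules are skipped."""
    text = re.sub(r'\\\r?\n', ' ', text)  # join backslash-continued lines
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        sid = SID_RE.search(line)
        if not line or line.startswith('#') or not sid:
            continue
        msg = MSG_RE.search(line)
        rules[int(sid.group(1))] = msg.group(1) if msg else ''
    return rules

def parse_sid_map(text):
    """Return {sid: msg} from 'sid || msg || ref ...' lines."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split('||')]
        if len(fields) >= 2 and fields[0].isdigit():
            entries[int(fields[0])] = fields[1]
    return entries

def audit(rules, sid_map):
    """Return (SIDs missing from the map, map SIDs that have no rule)."""
    return sorted(set(rules) - set(sid_map)), sorted(set(sid_map) - set(rules))

if __name__ == '__main__':
    rules = parse_rules(SAMPLE_RULES)
    missing, stale = audit(rules, parse_sid_map(SAMPLE_MAP))
    print([f'{s} || {rules[s]}' for s in missing], 'stale:', stale)
```

To run it against a real installation, read the rule files (including local.rules) and the map from disk and pass their contents to `parse_rules` and `parse_sid_map` in place of the sample strings.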