[Snort-sigs] snortrules-snapshot-2_1.tar.gz not being updated?

Stephan Scholz sscholz at ...2481...
Wed May 12 08:51:04 EDT 2004


The LSASS signatures use the flowbits option, which is not available in 2.1.0,
but was introduced in 2.1.1. The snortrules-snapshot-2_1.tar.gz ruleset is
for the whole 2.1 series of Snort, including 2.1.0. Therefore they did not
include those rules in it.

Regards,
Stephan

> It seems that at least some new sigs are not making into 
> snortrules-snapshot-2_1.tar.gz.  Notably the LSASS sigs seem to be 
> mentioned in the SID map but their actual rule entries are not in the 
> rules files (netbios.rules).  They are in the CURRENT tarball though.  
> I'm just curious if this is an intentional omission or not...


-- 
Stephan Scholz <sscholz at ...2481...> | Development
Astaro AG | www.astaro.com | Phone +49-721-490069-0 | Fax -55

Awards for ASL:
- Nätverk & Kommunikation Magazine, Sweden: "Five Stars" - October 2003
- Linux Enterprise Readers' Choice Award: Best Firewall - October 2003
- LinuxWorld Product Excellence Award: Best Security Solution - August 2003
- "Excellent" Infoworld Magazine - August 2003





More information about the Snort-sigs mailing list