[Snort-sigs] Yahoo, Hotmail, and unauth sigs

Matthew Jonkman matt at ...2436...
Fri May 28 09:55:04 EDT 2004

Good ideas, all of them. I'm doing them now. Except uri content. When I 
turn that on they don't hit as often. Miss about half. Anyone have an 
idea there?

Updated versions at http://snort.infotex.com to avoid 30 versions of 
these floating around the list.

Thanks Nigel. Nitpicky is good. :)


Nigel Houghton wrote:

> On  0, Nigel Houghton <nigel at ...435...> allegedly wrote:
>>One more nitpicky thing, it's always nice if things are laid out
>>consistently, like each rule ending with sid:123; rev:1; but that's just
>>me probably :)
> I forgot to mention that it might also be useful to use BLEEDING-EDGE in
> the msg part for each of your rules in the bleeding.rules file, just to
> keep things in line with the rule sets from snort.org.
> -------------------------------------------------------------
> Nigel Houghton       Research Engineer        Sourcefire Inc.
>                  Vulnerability Research Team
> In an emergency situation involving two or more officers of equal rank,
> seniority will be granted to whichever officer can program a vcr.
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

Matthew Jonkman, CISSP
Senior Security Engineer
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC

NOTICE: The information contained in this email is confidential
and intended solely for the intended recipient. Any use,
distribution, transmittal or retransmittal of information
contained in this email by persons who are not intended
recipients may be a violation of law and is strictly prohibited.
If you are not the intended recipient, please contact the sender
and delete all copies.

More information about the Snort-sigs mailing list