[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Wed Dec 7 13:36:02 EST 2005


NOTE: This is the first Community rulepack which uses 
community-sid-msg.map, instead of the previous sid-msg.map. This change 
is being made in response to requests from numerous users of the 
Community rules, in order to make management of multiple rulesets 
simpler. If you have any questions about this new naming scheme, please 
e-mail research at ...435..., and we will address them as best we can.

This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000196-100000198. 
These rules detect a directory traversal attack against the Qualcomm 
Worldmail server, ICMP messages with invalid codes, and scans performed 
by an NTP-based OS fingerprinting tool.

Sourcefire would like to thank rmkml for submitting these rules. As a 
reminder, anyone who wishes to submit rules may do so at 
http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of new rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000196 || COMMUNITY IMAP Qualcomm WorldMail SELECT dot dot attempt
100000197 || COMMUNITY ICMP undefined code
100000198 || COMMUNITY MISC Ntp fingerprint detect
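
The following is an added example, not part of the original announcement or of Sourcefire's tooling: a sketch of how a site keeping `community-sid-msg.map` alongside another `sid-msg.map` could merge the two and catch a SID defined in both. The second map's entries, the function names, and the tolerance for extra `||`-separated fields after the message are assumptions made for illustration.

```python
# Constructed sample contents. The three community entries are the ones listed
# in the announcement; the entries in OTHER_MAP are made-up placeholders.
COMMUNITY_MAP = """\
# community-sid-msg.map
100000196 || COMMUNITY IMAP Qualcomm WorldMail SELECT dot dot attempt
100000197 || COMMUNITY ICMP undefined code
100000198 || COMMUNITY MISC Ntp fingerprint detect
"""

OTHER_MAP = """\
# sid-msg.map (constructed placeholder entries)
900001 || EXAMPLE placeholder rule one || url,example.invalid/one
100000197 || EXAMPLE conflicting entry reusing a community SID
not a valid line
"""

def parse_sid_msg_map(text, source):
    """Return ({sid: (msg, extra_fields, source)}, [malformed line numbers])."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit() or not fields[1]:
            malformed.append(lineno)
            continue
        entries[int(fields[0])] = (fields[1], fields[2:], source)
    return entries, malformed

def merge_maps(*parsed):
    """Merge parsed maps; report SIDs that appear with different messages."""
    merged, conflicts = {}, []
    for entries in parsed:
        for sid, entry in entries.items():
            if sid in merged and merged[sid][0] != entry[0]:
                conflicts.append((sid, merged[sid][2], entry[2]))
                continue  # keep the first definition, flag the second
            merged[sid] = entry
    return merged, conflicts

if __name__ == "__main__":
    community, _ = parse_sid_msg_map(COMMUNITY_MAP, "community-sid-msg.map")
    other, bad = parse_sid_msg_map(OTHER_MAP, "sid-msg.map")
    merged, conflicts = merge_maps(community, other)
    print(len(merged), "SIDs merged; conflicts:", conflicts, "malformed lines:", bad)
```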



