[Snort-sigs] Snort Community Rules Update
research at ...435...
Wed Dec 7 13:36:02 EST 2005

NOTE: This is the first Community rulepack which uses
community-sid-msg.map, instead of the previous sid-msg.map. This change
is being made in response to requests from numerous users of the
Community rules, in order to make management of multiple rulesets
simpler. If you have any questions about this new naming scheme, please
e-mail research at ...435..., and we will address them as best we can.

This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000196-100000198.
These rules detect a directory traversal attack against the Qualcomm
Worldmail server, ICMP messages with invalid codes, and scans performed
by an NTP-based OS fingerprinting tool.

Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at

A list of new rules and their SIDs follows.

Community Rules Maintainer

100000196 || COMMUNITY IMAP Qualcomm WorldMail SELECT dot dot attempt
100000197 || COMMUNITY ICMP undefined code
100000198 || COMMUNITY MISC Ntp fingerprint detect