[Snort-sigs] Flowbit dependancy issue

Matthew Watchinski mwatchinski at ...435...
Mon Jan 8 13:20:32 EST 2007


The s///g will most likely work, but I haven't tested it.  Additional 
changes, other than the flowbit name, were made to these rules in the 
2007-01-04 rule release.

-matt

Bamm Visscher wrote:
> Yes, but that won't hit everyone for 30 days per the new license.  Any
> way you can clarify what happened and what those that don't pay for a
> subscription can do?
> 
> Bammkkkk
> 
> 
> On 1/8/07, Matthew Watchinski <mwatchinski at ...435...> wrote:
> 
>>This flowbit was updated in the 2007-01-04 rule release.
>>
>>Cheers,
>>-matt
>>
>>Bamm Visscher wrote:
>>
>>>*crickets*  ??
>>>
>>>On 1/4/07, Bamm Visscher <bamm.visscher at ...2420...> wrote:
>>>
>>>
>>>>Can you define "shortly". The problem was reported out of band well
>>>>before Matt brought it up on list. Are there any work arounds?  Can I
>>>>just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
>>>>looks like there was a major renaming of flowbits that may have caused
>>>>the issue. Do I need to do a work around or do the new rules
>>>>associated with dce.bind.ISystemActivator give me the same coverage?
>>>>
>>>>Bammkkkk
>>>>
>>>>
>>>>On 12/21/06, Matthew Watchinski <mwatchinski at ...435...> wrote:
>>>>
>>>>>Clean ups for this warning will be out shortly.
>>>>>
>>>>>Cheers,
>>>>>-matt
>>>>>
>>>>>Matt Jonkman wrote:
>>>>>
>>>>>>Using the new version of oinkmaster that's doing more detailed
>>>>
>>>>flowbit
>>>>
>>>>>>dependancy checking:
>>>>>>
>>>>>>WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind"
>>>>
>>>>which
>>>>
>>>>>>is not set in any rule
>>>>>>
>>>>>>I can't find the sig that's supposed to set that. That kills some
>>>>
>>>>good
>>>>
>>>>>>rules. Anyone know where it went?
>>>>>>
>>>>>>Matt
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>-------------------------------------------------------------------------
>>>>
>>>>>Take Surveys. Earn Cash. Influence the Future of IT
>>>>>Join SourceForge.net's Techsay panel and you'll get the chance to
>>>>
>>>>share your
>>>>
>>>>>opinions on IT & business topics through brief surveys - and earn cash
>>>>>
>>>>
>>>>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>>>
>>>>>_______________________________________________
>>>>>Snort-sigs mailing list
>>>>>Snort-sigs at lists.sourceforge.net
>>>>>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>>
>>>>
>>>>
>>>>--
>>>>sguil - The Analyst Console for NSM
>>>>http://sguil.sf.net
>>>>
>>>
>>>
>>
> 
> 





More information about the Snort-sigs mailing list