[Snort-sigs] Var that don't work
thierry.chich at ...2579...
Mon Sep 10 04:56:16 EDT 2007
I would like to adapt the rules
BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack
to my network. Since I have a lot of RFC1918 computers that are not in my
HOME_NET, I have a lot of FP.
I tried the following method. I had the following variables in
var RFC1918 [192.168/16,172.16/12,10/8]
var INTERNET !$RFC1918
I modified the rules as:
alert tcp $INTERNET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS
But it doesn't work.