[Snort-sigs] flowbits:set SID:15730 SID:16093

Alex Kirk akirk at ...435...
Wed Dec 30 16:14:29 EST 2009


Not errors on your part, actually good catches.

I'm not sure what happened with the first flowbit, since we've got no record
of ever having a second rule that would have used that flowbit. It's been
deleted over here, and will go out that way in the next SEU.

The second flowbit had a rule that used it in our tracking system, and
somehow that rule never made it into the SEU - probably an error on my part
while doing a manual add, since I'm the one who committed the rule with the
flowbit. It's been added now, and will be out in the next SEU.

On Wed, Dec 30, 2009 at 3:50 PM, Jason Wallace <jason.r.wallace at ...2420...> wrote:

> Hi,
>
> sid:15730 uses flowbits:set,trojan.delf.post; but there is no other
> rule which uses this flowbit...
>
> sid:16093 uses flowbits:set,BugsPrey_detection; flowbits:noalert; but
> again there is no other rule which uses this flowbit.
>
> Are these errors or am I somehow missing rules? I'm using
> snortrules-snapshot-2.8.tar.gz for registered users and the
> precompiled rules for 2.8.5
>
> Thx,
> Wally



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...435...