[Snort-sigs] More poorly performing GID 3 rules....

JJ Cummings cummingsj at ...2420...
Wed Feb 3 13:00:26 EST 2010


The source for both of those is public and included in the rules tarball
that is available for download from snort.org.

$ grep -l 8351 *
bad-traffic_pgm-nak-overflow.c
$ grep -l 7019 *
p2p_winny.c

JJC

On Wed, Feb 3, 2010 at 10:49 AM, Guise McAllaster <
guise.mcallaster at ...2420...> wrote:

> More poorly performing GID 3 rules that I cannot understand without
> reversing because they are compiled and the source is not released.
>
> 7019 - P2P WinNY connection attempt
> 8351 - BAD-TRAFFIC PGM nak list overflow attempt
>
> Srsly, is there any good reason these are protected by closed source?
> Maybe I can understand 8351 if it is part of your deal with MS but
> WinNY???  And don't get me started on the SMB hogs....
>
> Guise
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the
> business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100203/52045bb5/attachment.html>


More information about the Snort-sigs mailing list