[Snort-sigs] More poorly performing GID 3 rules....

Perry, Brian Brian.Perry at ...1819...
Thu Feb 4 08:55:03 EST 2010



Patrick Mullen <pmullen at ...435...> wrote:

Actually, both of those rules are open source if you want to look at
their source code.

bad-traffic_pgm-nak-overflow.c
p2p_winny.c

Not all SO rules are closed source.  Many SO rules are C code because
they do much more than the standard rules library allows; despite
popular opinion, rules aren't compiled only to obfuscate the
detection.  :)


Hope this helps,

~Patrick

On Wed, Feb 3, 2010 at 12:49 PM, Guise McAllaster
<guise.mcallaster at ...2420...> wrote:
> More poorly performing GID 3 rules that I cannot understand without
> reversing because they are compiled and the source is not released.
>
> 7019 - P2P WinNY connection attempt
> 8351 - BAD-TRAFFIC PGM nak list overflow attempt
>
> Srsly, is there any good reason these are protected by closed source?
> Maybe I can understand 8351 if it is part of your deal with MS but
> WinNY???  And don't get me started on the SMB hogs....
>
> Guise
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>







