[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS

Nigel Houghton nhoughton at ...435...
Wed Jan 13 13:10:26 EST 2010

On Wed, Jan 13, 2010 at 12:56 PM, Guise McAllaster
<guise.mcallaster at ...2420...> wrote:
> Hello.  Thanks you for response.   Turns out that I do not have MS ISA.  But
> now I am curious.  Alert is happening on a very small packet.  Why?  Not
> sure if it encrypted data.  Can I get a copy of source code for this?

Short answer, no. Sorry.

Here's a slightly longer explanation from the README that comes with
the so rules in the tarball:

"Due to contract terms with some 3rd party research organizations,
 a number of VRT certified rules will only be delivered as binaries.

 This applies only to shared object (SO) rules. Non-shared object rules
 WILL NOT be affected."

So, unfortunately, this particular rule is covered by the agreement
with the 3rd party.

Nigel Houghton
Head Mentalist
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

More information about the Snort-sigs mailing list