[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS
nhoughton at ...435...
Wed Jan 13 13:10:26 EST 2010
On Wed, Jan 13, 2010 at 12:56 PM, Guise McAllaster
<guise.mcallaster at ...2420...> wrote:
> Hello. Thanks you for response. Turns out that I do not have MS ISA. But
> now I am curious. Alert is happening on a very small packet. Why? Not
> sure if it encrypted data. Can I get a copy of source code for this?
Short answer, no. Sorry.
Here's a slightly longer explanation from the README that comes with
the so rules in the tarball:
"Due to contract terms with some 3rd party research organizations,
a number of VRT certified rules will only be delivered as binaries.
This applies only to shared object (SO) rules. Non-shared object rules
WILL NOT be affected."
So, unfortunately, this particular rule is covered by the agreement
with the 3rd party.
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
More information about the Snort-sigs