[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS
guise.mcallaster at ...2420...
Wed Jan 13 14:21:14 EST 2010
Hello. Nigel. While I am very sad at this news, I do want to say thank you
for such a quick and professional response. I suspect that there may have
been a management intervention or hand slap a while back. Either way, I
like the new Nigel. Keep up the good work.
On Wed, Jan 13, 2010 at 6:10 PM, Nigel Houghton <nhoughton at ...435...>wrote:
> On Wed, Jan 13, 2010 at 12:56 PM, Guise McAllaster
> <guise.mcallaster at ...2420...> wrote:
> > Hello. Thanks you for response. Turns out that I do not have MS ISA.
> > now I am curious. Alert is happening on a very small packet. Why? Not
> > sure if it encrypted data. Can I get a copy of source code for this?
> Short answer, no. Sorry.
> Here's a slightly longer explanation from the README that comes with
> the so rules in the tarball:
> "Due to contract terms with some 3rd party research organizations,
> a number of VRT certified rules will only be delivered as binaries.
> This applies only to shared object (SO) rules. Non-shared object rules
> WILL NOT be affected."
> So, unfortunately, this particular rule is covered by the agreement
> with the 3rd party.
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs