[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS

Guise McAllaster guise.mcallaster at ...2420...
Wed Jan 13 14:21:14 EST 2010


Hello. Nigel.  While I am very sad at this news, I do want to say thank you
for such a quick and professional response.  I suspect that there may have
been a management intervention or hand slap a while back.  Either way, I
like the new Nigel.  Keep up the good work.

Guise

On Wed, Jan 13, 2010 at 6:10 PM, Nigel Houghton <nhoughton at ...435...>wrote:

> On Wed, Jan 13, 2010 at 12:56 PM, Guise McAllaster
> <guise.mcallaster at ...2420...> wrote:
> > Hello.  Thanks you for response.   Turns out that I do not have MS ISA.
> But
> > now I am curious.  Alert is happening on a very small packet.  Why?  Not
> > sure if it encrypted data.  Can I get a copy of source code for this?
>
> Short answer, no. Sorry.
>
> Here's a slightly longer explanation from the README that comes with
> the so rules in the tarball:
>
> "Due to contract terms with some 3rd party research organizations,
>  a number of VRT certified rules will only be delivered as binaries.
>
>  This applies only to shared object (SO) rules. Non-shared object rules
>  WILL NOT be affected."
>
> So, unfortunately, this particular rule is covered by the agreement
> with the 3rd party.
>
> --
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20100113/f33628d5/attachment.html>


More information about the Snort-sigs mailing list