[Snort-sigs] GPL sig 1313

rmkml rmkml at ...174...
Fri Mar 18 16:02:47 EDT 2011


Hi,
it's snort community if I remember correctly:
rules/porn.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN up skirt"; content:"up skirt"; nocase; flow:to_client,established; classtype:kickass-porn; sid:1313; rev:5;)
Regards
Rmkml


On Fri, 18 Mar 2011, Weir, Jason wrote:

> Nigel,
> Oops - my bad, It's part of the GPLs - looks like it came from the ET side...
> Didn't they use to be distributed with Snort??
> -J
>
>> -----Original Message-----
>> From: Nigel Houghton [mailto:nhoughton at ...435...]
>> Sent: Friday, March 18, 2011 1:43 PM
>> To: Weir, Jason
>> Cc: snort-sigs at lists.sourceforge.net
>> Subject: Re: [Snort-sigs] GPL sig 1313
>>
>>
>> On Fri, 18 Mar 2011 12:01:47 -0400, Weir, Jason wrote:
>>> Seeing what could be a FP on 1313
>>> Here's the data - no "up skirt" that I can see....
>>> -J
>>>
>>
>> Is that SID correct? We don't have a rule with that particular SID.




More information about the Snort-sigs mailing list