[Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1

Joel Esler jesler at ...435...
Fri Aug 3 17:44:48 EDT 2012


Looks like you are using the old COMMUNITY rules.  I suggest you purge these from your system and use the VRT Ruleset at http://www.snort.org/snort-rules

The Registered User release is free.


On Aug 2, 2012, at 7:56 PM, PR <oly562 at ...2420...> wrote:

> Greetings,
> 
> I am running acidbase on ubuntu server. 
> 
> I found this entry:
> 
> COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
> 
>  ID   < Signature >   < Timestamp >   < Source Address >   < Dest. Address >   < Layer 4 Proto >
>  #0-(7-1)   [snort] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy   2012-08-02 06:42:12   192.168.1.14:36642   91.189.92.184:80   TCP
> 
> I am also a bit perplexed why snort and a sig that is not listed on snort ID site:  http://www.snortid.com/snortid.asp?QueryId=1:100000160
> does not yield any results.
> 
> Could you comment on how a clean installed snort acidbase be sending out from a source: 192.168.1.14 to a destination: 91.189.92.184:80
> 
> Notable: I have no automatic updates turned on on snort or ubuntu
> 
> Anyone care to comment? thanks guys/gals.
> 
> l8 oly anderson
> snort user for like years now and I still don't know shyt.. lol.
> 
<snip>

BTW -- For those of you that are playing -- that's two drinks:

http://blog.joelesler.net/p/snort-drinking-game.html

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

