[Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1

Joel Esler jesler at ...435...
Fri Aug 3 17:44:48 EDT 2012

Looks like you are using the old COMMUNITY rules.  I suggest you purge these from your system and use the VRT Ruleset at http://www.snort.org/snort-rules

The Registered User release is free.

On Aug 2, 2012, at 7:56 PM, PR <oly562 at ...2420...> wrote:

> Greetings,
> I am running acidbase on ubuntu server. 
> I found this entry:
> COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
>  ID   < Signature >   < Timestamp >   < Source Address >   < Dest. Address >   < Layer 4 Proto >
>  #0-(7-1) [snort] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy 2012-08-02 06:42:12 TCP
> I am also a bit perplexed why snort and a sig that is not listed on snort ID site:  http://www.snortid.com/snortid.asp?QueryId=1:100000160
> does not yield any results.
> Could you comment on how a clean installed snort acidbase be sending out from a source: to a destination:
> Notable: I have no automatic updates turned on on snort or ubuntu
> Anyone care to comment? thanks guys/gals.
> l8 oly anderson
> snort user for like years now and I still don't know shyt.. lol.

BTW -- For those of you that are playing -- that's two drinks:


Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
