[Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1
jesler at ...435...
Fri Aug 3 17:44:48 EDT 2012
Looks like you are using the old COMMUNITY rules. I suggest you purge these from your system and use the VRT Ruleset at http://www.snort.org/snort-rules
The Registered User release is free.
On Aug 2, 2012, at 7:56 PM, PR <oly562 at ...2420...> wrote:
> I am running acidbase on ubuntu server.
> I found this entry:
> COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
> ID: #0-(7-1)
> Signature: [snort] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
> Timestamp: 2012-08-02 06:42:12
> Source Address: 192.168.1.14:36642
> Dest. Address: 18.104.22.168:80
> Layer 4 Proto: TCP
> I am also a bit perplexed why snort and a sig that is not listed on snort ID site: http://www.snortid.com/snortid.asp?QueryId=1:100000160
> does not yield any results.
> Could you comment on how a clean installed snort acidbase be sending out from a source: 192.168.1.14 to a destination: 22.214.171.124:80
> Notable: I have no automatic updates turned on on snort or ubuntu
> Anyone care to comment? thanks guys/gals.
> l8 oly anderson
> snort user for like years now and I still don't know shyt.. lol.
BTW -- For those of you that are playing -- that's two drinks:
Senior Research Engineer, VRT
OpenSource Community Manager