[Snort-sigs] [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo
jesler at ...435...
Wed Feb 8 22:17:20 EST 2012
1-999,999 are Sourcefire's SIDs.
Yes, it's off by default. We've made some changes to the default state of
rules just today. We'll put more out about this tomorrow in a blog post
when we release the rules.
On Wednesday, February 8, 2012, waldo kitty <wkitty42 at ...3507...> wrote:
> On 2/8/2012 19:24, Joel Esler wrote:
>> It's a VRT rule. It's an indicator rule. Meaning it's meant to be used in
>> conjunction with other rules for a more complete picture.
>> It's off by default.
> thanks for that, joel! i didn't know if it was off by default or if i had
> already turned it off because of just this type of problem with it...
> thanks also for the confirmation that it is a VRT rule... there are times i
> tend to see something and if it is in a certain SID range, i automatically
> classify as to those i know are using those ranges...
Senior Research Engineer, VRT
OpenSource Community Manager