[Snort-sigs] [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo

Joel Esler jesler at ...435...
Wed Feb 8 22:17:20 EST 2012

1-999,999 are Sourcefire's SIDs.

Yes, it's off by default.  We've made some changes to the default state of
rules just today.  We'll put more out about this tomorrow in a blog post
when we release the rules.


On Wednesday, February 8, 2012, waldo kitty <wkitty42 at ...3507...> wrote:
> On 2/8/2012 19:24, Joel Esler wrote:
>> It's a VRT rule. It's an indicator rule. Meaning it's meant to be used in
>> conjunction with other rules for a more complete picture.
>> It's off by default.
> thanks for that, joel! i didn't know if it was off by default or if i had
> already turned it off because of just this type of problem with it...
> thanks also for the confirmation that it is a VRT rule... there are times that i
> tend to see something and if it is in a certain SID range, i automatically
> classify as to those i know are using those ranges...

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager