[Snort-sigs] historical rule information?

Miller - CDLE, Michael michael.miller at ...1811...
Thu Apr 18 11:55:32 EDT 2013


I'm hunting down a rule that's generating a LOT of traffic on our network
and was wondering if there were a wiki or history of rules to see what the
thinking was behind them. Specifically, I'm alerting on

[3:15474:5] BAD-TRAFFIC Microsoft ISA Server and Forefront Threat
Management Gateway invalid RST denial of service attempt [Classification:
Attempted Denial of Service]

There are two ISA servers on that network, and they've been patched
according to the KB article referenced in the rule detail
(http://technet.microsoft.com/en-us/security/bulletin/MS09-016), but the
alerts are still being generated.