[Snort-sigs] historical rule information?
Miller - CDLE, Michael
michael.miller at ...1811...
Thu Apr 18 11:55:32 EDT 2013
I'm hunting down a rule that's generating a LOT of traffic on our network
and was wondering if there were a wiki or history of rules to see what the
thinking was behind them. Specifically, I'm alerting on

[3:15474:5] BAD-TRAFFIC Microsoft ISA Server and Forefront Threat Management Gateway invalid RST denial of service attempt [Classification: Attempted Denial of Service]

There are two ISA servers on that network, and they've been patched
according to the KB article referenced in the rule detail
(http://technet.microsoft.com/en-us/security/bulletin/MS09-016), but the
alerts are still being generated.