[Snort-sigs] (no subject)
wkitty42 at ...3507...
Mon Apr 29 14:12:35 EDT 2013
On 4/29/2013 13:05, Chukhaltsetseg Shijirbaatar wrote:
> Are these rules bad?
1. what rules?
a. if you are talking about the two rules you posted in another thread, their
structure looks ok...
b. do you really mean for the references in those two rules to point to the
P2P tracker server? they should point to an article or short description of the
rule and why it was written the way it is...
c. the second rule has too many '/' in the reference...
d. the second rule is apparently to detect traffic from the client to the
server but the first rule doesn't indicate any direction... this is ok in some
e. the first rule should fire on any occurrence of "www.mininova.org" in
any/all traffic... this posting should trigger it as your original post would
have triggered it if that snort is looking at this connection...
2. what do you consider "bad"?
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
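
Added example, not part of the original message: a small Python lint for the review points a through e above, run over two constructed rules (the two rules discussed in the thread are not shown on this page). The finding names, the sample rules and their sids are assumptions made for illustration, and the scheme check assumes the stock reference.config mapping of the `url` type to `http://`.

```python
import re

# Constructed sample rules; NOT the rules from the thread.
RULES = [
    'alert tcp any any <> any any (msg:"P2P mininova"; content:"www.mininova.org"; '
    'reference:url,www.mininova.org; sid:1000001; rev:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"P2P mininova request"; '
    'flow:to_server,established; content:"www.mininova.org"; http_header; '
    'reference:url,http://www.mininova.org//tor; sid:1000002; rev:1;)',
]

def parse(rule):
    """Split a rule into header tokens and an ordered list of (option, value)."""
    header, _, body = rule.partition("(")
    body = body.strip().rstrip(")")
    # Split on ';' except inside quoted strings or after a backslash escape.
    parts = re.findall(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+', body)
    opts = []
    for part in parts:
        name, _, value = part.strip().partition(":")
        if name:
            opts.append((name.strip(), value.strip()))
    return header.split(), opts

def lint(rule):
    """Return finding names (hypothetical labels) for one rule."""
    hdr, opts = parse(rule)
    names = [n for n, _ in opts]
    contents = [v.strip('"') for n, v in opts if n == "content"]
    findings = []
    if "flow" not in names:                      # point d: no direction given
        findings.append("no-flow")
    if contents and hdr[2] == "any" and hdr[5] == "any":
        findings.append("any-any")               # point e: matches in any/all traffic
    for n, v in opts:
        system, _, ref = v.partition(",")
        if n != "reference" or system.strip() != "url":
            continue
        ref = ref.strip()
        bare = re.sub(r"^https?://", "", ref)
        if bare != ref:                          # url type already implies http://
            findings.append("ref-scheme")
        if "//" in bare:                         # point c: too many '/'
            findings.append("ref-slashes")
        if bare.split("/")[0] in contents:       # point b: reference is the matched host
            findings.append("ref-is-target")
    return findings

if __name__ == "__main__":
    for r in RULES:
        print(re.search(r"sid:(\d+)", r).group(1), lint(r))
```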