[Snort-sigs] Missing SID information on Snort site

Joel Esler jesler at ...435...
Wed May 8 16:38:07 EDT 2013


On May 8, 2013, at 2:14 PM, MA Bel <mab_generic at ...3751...> wrote:

> The following rule was triggered by Snort. The corresponding SID number is 20437. I did a search on the Snort website, no results were returned. This happens from time to time with other SIDs.   Does anyone know why the information is missing from the Snort website?
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET [443,465,587,995,993] (msg:"MALWARE-TOOLS multiple TLSv1 Encrypted Handshake messages - THC-SSL tool, potential DoS"; flow:established,to_server; ssl_state:!client_hello; content:"|16 03 01|"; depth:3; detection_filter:track by_src,count 25, seconds 2; reference:url,www.thc.org/thc-ssl-dos/; classtype:attempted-dos; sid:20437; rev:2;)

Unfortunately, the amount of rules we produce does not always equate to the number of docs we publish for each rule.  We try very hard to make sure the reference in the rule is always descriptive.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130508/ca1a7668/attachment.html>


More information about the Snort-sigs mailing list