[Snort-sigs] flowbits: netsenum

waldo kitty wkitty42 at ...3507...
Wed May 29 19:53:25 EDT 2013


On 5/29/2013 11:23, Joel Esler wrote:
> On May 29, 2013, at 10:57 AM, waldo kitty <wkitty42 at ...3507...
> <mailto:wkitty42 at ...3507...>> wrote:
>
>> there is no check rule in the *.rules files for flowbits: netsenum…
>>
> It's checked in 24007.

my mistake... i was trying to ensure that each report was uniform in style and 
missed that :(

>> additionally, both existing rules' MSG are identical... one should speak of "to
>> client" and the other "to server" in the MSG for clarity??
>
> The "set" rule is noalert. You'll never see it alert.

true but perhaps someone sets them to show an alert? ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-sigs mailing list