[Snort-users] Just FYI

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Fri Mar 2 09:55:59 EST 2001


On Thu, Mar 01, 2001 at 11:06:17AM -0700, Jim Forster wrote:
> The new 'clean' ruleset is up and ready for download.  There have been some
> major changes to this set (many thanks to Brian Caswell) and it is a much
> cleaner, more accurate rulebase.
> <You will also find that the online database reflects the changes made to
> this release.>

Some stuff:

* Many rules with ":1023" are falsely labeled as "< 1023"; must be "< 1024" or
  "<= 1023"

* The rule "MISC source port 53 to <1024" has the same text for both UDP and
  TCP; I propose "MISC source port 53 to <1024 (UDP)" and "MISC source port
  53 to <1024 (UDP)"
 

-- 
ralf.hildebrandt at ...821...
System Engineer                                            innominate AG
Diplom-Informatiker                                 the linux architects
tel: +49.30.308806-62  fax: -698                      www.innominate.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010302/acad18d7/attachment.sig>


More information about the Snort-users mailing list