[Snort-users] Stupid rule question

Ryan Russell ryan at ...35...
Mon Mar 26 16:14:14 EST 2001


On Mon, 26 Mar 2001, Brian Caswell wrote:

> Well, this rule is junk all the way around.  You are correct that the
> ports are mixed up in this case, but the rule needs to be axed in
> general.

I had a reply from Jim Forster that indicated that the ports were
backwards from what was intended.

There are several similar rules in the same category... looking for
nc.exe, net.exe and telnet.exe being executed, among others.  I can see
some value in looking for that.

					Ryan




