[Snort-users] Rules Corrections

Jim Forster jforster at ...176...
Tue Mar 27 13:29:02 EST 2001


I pulled the latest (greatest) Snort down this morning, and am cleaning
up the rules it has issues with.
I see 7 total that it doesn't like--
exploit.rules is missing a tag in the reference

The following need to be split into 2 rules-
scan.rules has a 1080,8080 port listed 
rpc.rules has a 111/32771 port listed
backdoor.rules has 2 of 12345/12346
dos.rules rules has a 7070/8080
policy.rules has a 6666:6669,7000 

I'll post a cleaned up (and corrected) set hopefully this afternoon.




More information about the Snort-users mailing list