[Snort-users] New rule SID question ...

Erek Adams erek at ...577...
Fri Jul 12 11:33:13 EDT 2002

On Fri, 12 Jul 2002, Hicks, John wrote:

> 	I just got an email anouncing a new M$ Encapsulated SMTP Address
> Vulnerability (attached for reference) and I'm trying to write a new rule
> for this, but have 1 question. What do I assign as a SID??? Do I have to
> look for an unused one from some master list???


You might also want to send over your rules and info on the vuln to snort-sigs
since that's where all the signature mongers hide.  :)

Oh, and take one penalty drink.  ;-)


Erek Adams

More information about the Snort-users mailing list