[Snort-users] New rule SID question ...
erek at ...577...
Fri Jul 12 11:33:13 EDT 2002
On Fri, 12 Jul 2002, Hicks, John wrote:
> I just got an email anouncing a new M$ Encapsulated SMTP Address
> Vulnerability (attached for reference) and I'm trying to write a new rule
> for this, but have 1 question. What do I assign as a SID??? Do I have to
> look for an unused one from some master list???
You might also want to send over your rules and info on the vuln to snort-sigs
since that's where all the signature mongers hide. :)
Oh, and take one penalty drink. ;-)
More information about the Snort-users