[Snort-users] Jacked rules (was: New rules in exp)

Kreimendahl, Chad J Chad.Kreimendahl at ...4716...
Wed Jul 24 07:39:07 EDT 2002


Since I seem to have no response from the sigs list... Maybe someone
over here will notice :)

-----Original Message-----
From: Kreimendahl, Chad J 
Sent: Monday, July 22, 2002 11:11 AM
To: snort-sigs at lists.sourceforge.net
Subject: New rules in exp



The following rules and revisions have no classifications:
((1817->1835)-(1833))
1817, 1; 1818, 1; 1819, 1; 1820, 1;
1821, 1; 1822, 1; 1823, 1; 1824, 1;
1825, 1; 1826, 1; 1827, 1; 1828, 1;
1829, 1; 1830, 1; 1831, 1; 1832, 1;
1834, 1; 1835, 1;

My assumption as to their categories:

1817: attempted-admin
1818: attempted-admin
1819: attempted-recon?attempted-admin?bad-unknown?misc-activity
1820: web-application-activity
1821: system-call-detect
1822: web-application-attack
1823: web-application-attack
1824: web-application-activity
1825: web-application-activity
1826: web-application-activity
1827: web-application-attack
1828: web-application-attack
1829: web-application-activity
1830: web-application-activity
1831: attempted-dos
1832: misc-activity
1834: web-application-attack
1835: web-application-attack




More information about the Snort-users mailing list