[Snort-users] Ridding ourselves of flags: A+

Kreimendahl, Chad J Chad.Kreimendahl at ...4716...
Tue Oct 29 09:28:10 EST 2002


I noticed, after an onslaught of false positives, that there were still
several rules in existence that use flags:A+ instead of the preferred
flow:established.

We took the liberty of modifying the rules files that still did this,
and where possible added to_server or to_client.  Here is a zip of all
the diffs (diff -Nu).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: RuleDiffs.tar.gz
Type: application/x-gzip
Size: 4693 bytes
Desc: RuleDiffs.tar.gz
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021029/ed7400b7/attachment.bin>
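
The rewrite described in the message above, sketched as an added example; it is not the poster's script and not the contents of the scrubbed attachment. The sample rules are constructed, and the port-based rule for choosing to_server or to_client is an assumption, since the message does not say how the direction was decided.

```python
import re

# Legacy option as written in rule bodies, e.g. "flags:A+;" or "flags: A+;".
LEGACY = re.compile(r'\bflags:\s*A\+\s*;\s*')
# TCP rule header: action tcp src_ip src_port direction dst_ip dst_port (
HEADER = re.compile(r'^\s*\w+\s+tcp\s+\S+\s+(\S+)\s+(->|<>)\s+\S+\s+(\S+)\s*\(')
FLOW = re.compile(r'\bflow:\s*([^;]*);')

# Constructed sample rules (not from the scrubbed attachment).
SAMPLE = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed A"; flags:A+; content:"/x"; sid:1000001;)
alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"constructed B"; flags: A+; content:"y"; sid:1000002;)
alert tcp any any -> any any (msg:"constructed C"; flags:A+; content:"z"; sid:1000003;)
alert tcp any any -> any 21 (msg:"constructed D"; flow:to_server,established; flags:A+; sid:1000004;)
#alert tcp any any -> any 25 (msg:"constructed E, disabled"; flags:A+; sid:1000005;)
'''


def guess_direction(src_port, op, dst_port):
    """Assumed heuristic: in a one-way rule, the side with a fixed port is the server."""
    if op == '->' and src_port == 'any' and dst_port != 'any':
        return 'to_server'
    if op == '->' and dst_port == 'any' and src_port != 'any':
        return 'to_client'
    return None


def convert_rule(line):
    """Return (new_line, changed) for one line of a rules file."""
    header = HEADER.match(line)  # None for comments and non-TCP rules
    if header is None or not LEGACY.search(line):
        return line, False
    existing = FLOW.search(line)
    if existing:
        if 'established' not in existing.group(1):
            return line, False  # conflicting flow option: leave for manual review
        return LEGACY.sub('', line, count=1), True
    opts = [d for d in (guess_direction(*header.groups()),) if d] + ['established']
    return LEGACY.sub('flow:' + ','.join(opts) + '; ', line, count=1), True


def convert_rules(text):
    """Convert every line; return (new_text, number_of_rules_changed)."""
    results = [convert_rule(line) for line in text.splitlines()]
    return '\n'.join(r[0] for r in results) + '\n', sum(r[1] for r in results)


if __name__ == '__main__':
    print(convert_rules(SAMPLE)[0], end='')
```

Rules where no direction can be inferred get plain flow:established, and commented-out rules are left untouched, so the output can be compared against the originals with diff -Nu before use.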

