[Snort-users] BAD-TRAFFIC udp port 0 traffic

Matt Kettler mkettler at ...4108...
Fri Jul 18 12:30:02 EDT 2003


At 01:17 PM 7/18/2003 -0500, Jason Whitson wrote:
>I would like to disable this rule but it is not listed in the ruleset.

Are you SURE? I found it very quickly using grep on the default 2.0.0 ruleset:

bash$ cd snort-2.0.0/rules

bash$ grep -i "udp port 0" *

bad-traffic.rules:alert udp $EXTERNAL_NET any <> $HOME_NET 0 (msg:"BAD 
TRAFFIC udp port 0 traffic"; reference:cve,CVE-1999-0675; 
reference:nessus,10074; classtype:misc-activity; sid:525; rev:4;)





More information about the Snort-users mailing list