[Snort-users] Bug report : out of date url,'s in signature set VRT_PR-2.4
gulfie at ...13618...
Fri Dec 2 03:18:26 EST 2005
I was rooting through some snort rules, and found that some of the url,'z arn't responding anymore.
So I wrote a quick tool to help find which ones are there and which ones arn't. I figured I could tell a man to fish, or give him a fishing pole.
There are some false positives in the methodology, but the signal / noise ratio is okay.
Most of the problems are caused by domains becoming unregistered, or companies getting accuired.
www.atstake.com , www.packetfocus.com , www.tlsecurity.net, etc.
Or www.wiretrip.net, which is still borked up.
False positives include :
not sure why.
The COMM-2.4 set seems to be clean save some false positives.
Some example output is :
Note : http://www.tlsecurity.net/backdoor/Dagger.1.4.html is nolonger responding.
Note : www.bugtraq.org is nolonger in the whois database.
Output for bunches of rules files: Bleeding, COMM-2.4 and VRT_PR-2.4
More information about the Snort-users