[Snort-users] Bug report : out of date url,'s in signature set VRT_PR-2.4

Gulfie gulfie at ...13618...
Fri Dec 2 03:18:26 EST 2005

	I was rooting through some snort rules, and found that some of the url,'z aren't responding anymore. 

	So I wrote a quick tool to help find which ones are there and which ones aren't.  I figured I could tell a man to fish, or give him a fishing pole. 


	There are some false positives in the methodology, but the signal / noise ratio is okay. 
	Most of the problems are caused by domains becoming unregistered, or companies getting acquired. 

	Examples : 
		www.atstake.com , www.packetfocus.com , www.tlsecurity.net, etc.

		Or www.wiretrip.net, which is still borked up.
		False positives include : 
			not sure why. 
			The COMM-2.4 set seems to be clean save some false positives.

	Some example output is : 			
		Note : http://www.tlsecurity.net/backdoor/Dagger.1.4.html   is nolonger responding.

		Note : www.bugtraq.org is nolonger in the whois database.

	Output for bunches of rules files: Bleeding, COMM-2.4 and VRT_PR-2.4
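
A sketch of the kind of check described in the message above, added here as an example; it is not the poster's tool. It extracts `reference:url,` targets from rules and flags hosts that no longer resolve in DNS, used as a stand-in for the HTTP and whois checks the post mentions; the sample rules, SIDs and function names are constructed for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample rules for illustration; not taken from any real rule set.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 2589 (msg:"EXAMPLE backdoor"; content:"x"; reference:url,www.example.invalid/backdoor/a.html; reference:bugtraq,1234; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE disabled"; reference:url,docs.example.org/advisory; sid:1000002; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE two refs"; reference:url,docs.example.org/advisory; reference:url,gone.example.invalid/x?id=1; sid:1000003; rev:1;)
'''

REF_RE = re.compile(r'reference\s*:\s*url\s*,\s*([^;\s]+)\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
ACTIONS = ('alert', 'log', 'pass', 'drop', 'reject', 'sdrop')

def extract_url_refs(rules_text):
    """Return {host: [(sid, url), ...]} for every reference:url option."""
    refs = {}
    for line in rules_text.splitlines():
        line = line.strip().lstrip('#').strip()  # also audit commented-out rules
        if not line.startswith(ACTIONS):
            continue
        m = SID_RE.search(line)
        sid = int(m.group(1)) if m else 0        # 0 marks a rule without a sid
        for ref in REF_RE.findall(line):
            # url references carry no scheme in the rule; http:// is implied
            url = ref if '://' in ref else 'http://' + ref
            host = urlsplit(url).hostname
            if host:
                refs.setdefault(host.lower(), []).append((sid, url))
    return refs

def dns_resolves(host):
    """True if the host still has an address record (needs network access)."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def stale_references(rules_text, resolves=dns_resolves):
    """Return sorted (sid, url) pairs whose host fails the resolves() check."""
    stale = []
    for host, uses in extract_url_refs(rules_text).items():
        if not resolves(host):                   # one lookup per host, not per rule
            stale.extend(uses)
    return sorted(stale)

if __name__ == '__main__':
    for sid, url in stale_references(SAMPLE_RULES):
        print(f'sid {sid}: host for {url} does not resolve')
```

A host that resolves can still serve a parked page or a 404, so a DNS pass only narrows the list; it does not confirm that the reference is still live.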



