[Snort-users] Rule missing from sid-msg.map

Paul Schmehl pauls at ...6838...
Mon Mar 21 10:06:11 EST 2005


I'm running snort Version 2.3.0 (Build 10) on FreeBSD 4.9 SECURITY, 
fetching snortrules-snapshot-2.3.tar.gz nightly and running oinkmaster to 
update.

Sid:2505 was missing from my sid-msg.map:

/usr/local/share/snort/web-misc.rules:alert tcp $EXTERNAL_NET any -> 
$HTTP_SERVERS 443 (msg:"WEB-MISC SSLv3 invalid data version attempt"; 
flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; 
depth:1; offset:5; content:!"|03|"; depth:1; offset:9; 
reference:bugtraq,10115; reference:cve,2004-0120; reference:nessus,12204; 
reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; 
classtype:attempted-dos; sid:2505; rev:9;)

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
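
A check for the condition reported above, as an added example that is not part of the original post: it lists every active rule whose sid has no entry in sid-msg.map. The function names and the sample input are assumptions; sid 2505 is the rule quoted in the message, and the 1000001 and 1000002 rules and the map contents are constructed.

```python
import re

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"')

# Constructed sample input. The 2505 rule is the one quoted in the post;
# the other rules and the map contents are made up for illustration.
SAMPLE_RULES = r'''
# alert tcp any any -> any 80 (msg:"DISABLED constructed example"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 443 (msg:"WEB-MISC SSLv3 invalid data version attempt"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; depth:1; offset:5; content:!"|03|"; depth:1; offset:9; reference:bugtraq,10115; reference:cve,2004-0120; reference:nessus,12204; classtype:attempted-dos; sid:2505; rev:9;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 \
    (msg:"LOCAL constructed example"; flow:to_server,established; sid:1000001; rev:1;)
'''

SAMPLE_MAP = '''
# sid || msg || reference ...
1000001 || LOCAL constructed example
'''

def parse_rules(text):
    """Return {sid: msg} for every active (uncommented) rule."""
    rules = {}
    # Join rules that are split with a trailing backslash.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = SID_RE.search(line)
        if sid:
            msg = MSG_RE.search(line)
            rules[int(sid.group(1))] = msg.group(1) if msg else ""
    return rules

def parse_sid_msg_map(text):
    """Return {sid: msg} from 'sid || msg || ref ...' lines."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if fields[0].isdigit():  # skips blank lines and comments
            entries[int(fields[0])] = fields[1] if len(fields) > 1 else ""
    return entries

def missing_from_map(rules, entries):
    """Sorted (sid, msg) pairs present in the rules but absent from the map."""
    return sorted((s, m) for s, m in rules.items() if s not in entries)

if __name__ == "__main__":
    found = missing_from_map(parse_rules(SAMPLE_RULES), parse_sid_msg_map(SAMPLE_MAP))
    for sid, msg in found:
        print(f"{sid} || {msg}")
```

To run it against a live sensor, pass the contents of the rules files and of sid-msg.map to the two parsers instead of the sample strings.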



