[Snort-users] Duplicate SIDs recently?

Andreas Östling andreaso at ...236...
Sun Sep 25 22:22:05 EDT 2005


On Sun, 25 Sep 2005, Jeff Kell wrote:

> My last oinkmaster cycle (and retries since) have flagged duplicates with 
> sourcefire sids:
...
> Grepping on SIDs I can't find any duplicates, making me think it's a goof in 
> the downloaded packages.  I'm using snort-2.4 rules plus current bleeding. 
> Anyone else having this issue? 
> Jeff

FYI, when Oinkmaster finds duplicate SIDs in the downloaded package it 
will keep the one with the highest 'rev' and discard the other(s), 
that's why you can't find any duplicates when grepping the result.
It would be nice if Sourcefire did some simple automated check so 
duplicate SIDs never get published in the first place though.

/Andreas




More information about the Snort-users mailing list