[Snort-users] [Snort-sigs] Flowbit dependancy issue

Bamm Visscher bamm.visscher at ...11827...
Thu Jan 4 14:37:19 EST 2007


Can you define "shortly". The problem was reported out of band well
before Matt brought it up on list. Are there any work arounds?  Can I
just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
looks like there was a major renaming of flowbits that may have caused
the issue. Do I need to do a work around or do the new rules
associated with dce.bind.ISystemActivator give me the same coverage?

Bammkkkk


On 12/21/06, Matthew Watchinski <mwatchinski at ...1935...> wrote:
> Clean ups for this warning will be out shortly.
>
> Cheers,
> -matt
>
> Matt Jonkman wrote:
> > Using the new version of oinkmaster that's doing more detailed flowbit
> > dependancy checking:
> >
> > WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> > WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind" which
> > is not set in any rule
> >
> > I can't find the sig that's supposed to set that. That kills some good
> > rules. Anyone know where it went?
> >
> > Matt
> >
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net




More information about the Snort-users mailing list