[Snort-users] [Snort-sigs] Flowbit dependancy issue

Matthew Watchinski mwatchinski at ...1935...
Mon Jan 8 12:54:19 EST 2007


This flowbit was updated in the 2007-01-04 rule release.

Cheers,
-matt

Bamm Visscher wrote:
> *crickets*  ??
> 
> On 1/4/07, Bamm Visscher <bamm.visscher at ...11827...> wrote:
> 
>> Can you define "shortly"? The problem was reported out of band well
>> before Matt brought it up on list. Are there any workarounds?  Can I
>> just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
>> looks like there was a major renaming of flowbits that may have caused
>> the issue. Do I need to do a workaround or do the new rules
>> associated with dce.bind.ISystemActivator give me the same coverage?
>>
>> Bamm
>>
>>
>> On 12/21/06, Matthew Watchinski <mwatchinski at ...1935...> wrote:
>> > Clean ups for this warning will be out shortly.
>> >
>> > Cheers,
>> > -matt
>> >
>> > Matt Jonkman wrote:
>> > > Using the new version of oinkmaster that's doing more detailed flowbit
>> > > dependency checking:
>> > >
>> > > WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > > WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind" which is not set in any rule
>> > >
>> > > I can't find the sig that's supposed to set that. That kills some good
>> > > rules. Anyone know where it went?
>> > >
>> > > Matt
>> > >
>> >
>> >
>>
>>
>> -- 
>> sguil - The Analyst Console for NSM
>> http://sguil.sf.net
>>
> 
> 
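
Added example, not part of the thread and not Oinkmaster's own code: a Python check that reports flowbits tested with `isset`/`isnotset` but never set or toggled by any enabled rule, which is the condition the warnings quoted above describe. The sample rules and their SIDs are constructed, `smb.session` is a made-up flowbit name, and treating `set`/`toggle` as the only setters is an assumption.

```python
import re

# Constructed sample rules (not real VRT rules); SIDs and contents are made up.
SAMPLE_RULES = r'''
alert tcp any any -> any 135 (msg:"constructed setter"; flowbits:set,dce.bind.ISystemActivator; flowbits:noalert; sid:1000001;)
alert tcp any any -> any 135 (msg:"constructed check, old name"; flowbits:isset,dce.isystemactivator.bind; sid:1000002;)
alert tcp any any -> any 135 (msg:"constructed check, new name"; flowbits:isset,dce.bind.ISystemActivator; sid:1000003;)
# alert tcp any any -> any 445 (msg:"disabled setter"; flowbits:set,smb.session; sid:1000004;)
alert tcp any any -> any 445 (msg:"constructed check"; flowbits:isnotset,smb.session; sid:1000005;)
'''

# flowbits:<action>[,<name>];  (noalert has no name)
FLOWBITS = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;\s]+))?\s*;')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
SETTERS = {"set", "toggle"}        # assumption: these establish a flowbit
CHECKERS = {"isset", "isnotset"}   # these depend on one


def unset_flowbit_dependencies(rules_text):
    """Map each flowbit that is checked but never set to the SIDs that check it."""
    set_bits, checks = set(), {}
    for line in rules_text.splitlines():
        line = line.strip()
        # A commented-out setter sets nothing, so disabled rules are skipped.
        if not line or line.startswith("#"):
            continue
        sid_match = SID.search(line)
        if not sid_match:
            continue
        sid = int(sid_match.group(1))
        for action, name in FLOWBITS.findall(line):
            if not name:
                continue
            if action in SETTERS:
                set_bits.add(name)
            elif action in CHECKERS:
                checks.setdefault(name, []).append(sid)
    return {bit: sorted(sids) for bit, sids in checks.items()
            if bit not in set_bits}


if __name__ == "__main__":
    for bit, sids in sorted(unset_flowbit_dependencies(SAMPLE_RULES).items()):
        for sid in sids:
            print('WARNING: SID %d depends on flowbit "%s" which is not '
                  'set in any rule' % (sid, bit))
```

A clean result only shows that every checked flowbit has an enabled setter somewhere in the rule set; it does not show that the setter matches the traffic the dependent rules were written for.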