[Snort-users] so_rule problem
jtharel at ...131...
Fri Oct 1 10:47:10 EDT 2010
I'm trying to get my Snort installation to detect the latest ms10-070
vulnerability. According to
should have been included in the rules released on the 23rd.
Rules to detect attacks targeting this vulnerability are included in this
release and are identified with GID 3, SIDs 17428 and 17429
When I compile the so_rules from source I don't see these 2 rules/sids (17428
and 17429). I used "snort -c /etc/snort/snort.conf
--dump-dynamic-rules=/etc/snort/so_rules" to create the .rules files. I also
went through several of the pre-compiled rules using the same method and didn't
see these rules/sids there either. Just to be thorough I looked through all the
normal rules and preproc_rules as well and didn't see them there either.
Am I way off base in what I am doing or should these be showing up?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users