[Snort-users] so_rule problem

Jimmy Tharel jtharel at ...131...
Fri Oct 1 10:47:10 EDT 2010

I'm trying to get my Snort installation to detect the latest ms10-070 
vulnerability.  According to 
http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html it 
should have been included in the rules released on the 23rd.

Rules to detect attacks targeting this vulnerability are included in this 
release and are identified with GID 3, SIDs 17428 and 17429.

When I compile the so_rules from source I don't see these 2 rules/sids (17428 
and 17429).  I used "snort -c /etc/snort/snort.conf 
--dump-dynamic-rules=/etc/snort/so_rules" to create the .rules files.  I also 
went through several of the pre-compiled rules using the same method and didn't 
see these rules/sids there either.  Just to be thorough I looked through all the 
normal rules and preproc_rules as well and didn't see them there either.  

Am I way off base in what I am doing or should these be showing up?
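
The check described in the message above, as an added example that is not part of the original post: it scans a directory of dumped stub `.rules` files (such as the `/etc/snort/so_rules` directory used above) for given GID/SID pairs and reports each as enabled, disabled (commented out) or missing. The sample rule text, file names and SID 99999 are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# A rule line, optionally commented out (a disabled stub).
RULE_RE = re.compile(r'^\s*(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\b[^(]*\((?P<opts>.*)\)\s*$')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')  # quoted option values such as msg
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid\s*:\s*(\d+)\s*;')

def parse_stub(line):
    """Return (gid, sid, enabled) for a rule line, or None for anything else."""
    m = RULE_RE.match(line)
    if not m:
        return None
    opts = QUOTED_RE.sub('""', m.group("opts"))  # ignore "sid:" text inside strings
    sid = SID_RE.search(opts)
    if not sid:
        return None
    gid = GID_RE.search(opts)
    # A rule with no gid option belongs to generator 1 (ordinary text rules).
    return (int(gid.group(1)) if gid else 1, int(sid.group(1)), m.group("off") is None)

def check_rules(rules_dir, wanted):
    """Map each wanted (gid, sid) to (state, file): enabled, disabled or missing."""
    status = {key: ("missing", None) for key in wanted}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            parsed = parse_stub(line)
            if parsed and parsed[:2] in status and status[parsed[:2]][0] != "enabled":
                status[parsed[:2]] = ("enabled" if parsed[2] else "disabled", path.name)
    return status

# Constructed sample stubs (not real VRT rule text); 99999 is a made-up SID.
SAMPLE = {
    "sample-so.rules":
        'alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed stub, sid:99999;"; metadata:engine shared, soid 3|17428; sid:17428; gid:3; rev:1;)\n'
        '# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed disabled stub"; sid:17429; gid:3; rev:1;)\n',
    "sample-text.rules":
        'alert tcp any any -> any any (msg:"constructed text rule"; sid:17428; rev:1;)\n',
}

def demo():
    """Write the samples to a temp dir and check GID 3, SIDs 17428, 17429, 99999."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            Path(d, name).write_text(text)
        return check_rules(d, [(3, 17428), (3, 17429), (3, 99999)])

if __name__ == "__main__":
    for (gid, sid), (state, where) in demo().items():
        print(f"{gid}:{sid} {state} {where or ''}")
```

Matching on the GID as well as the SID keeps a text rule that reuses the same SID under generator 1 from being counted as the shared-object rule.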


