[Snort-users] so_rule problem

Nigel Houghton nhoughton at ...1935...
Fri Oct 1 11:07:22 EDT 2010

These rules are pre-compiled and are in the subscriber rule packs. They 
won't be available in the registered set until Oct 23rd.

On Fri, 1 Oct 2010 07:47:10 -0700 (PDT), Jimmy Tharel wrote:
> I'm trying to get my Snort installation to detect the latest ms10-070 
> vulnerability.  According to 
> http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html 
> it should have been included in the rules released on the 23rd.
> Rules to detect attacks targeting this vulnerability are included in 
> this release and are identified with GID 3, SIDs 17428 and 17429
> When I compile the so_rules from source I don't see these 2 
> rules/sids (17428 and 17429).  I used "snort -c /etc/snort/snort.conf 
> --dump-dynamic-rules=/etc/snort/so_rules" to create the .rules 
> files.  I also went through several of the pre-compiled rules using 
> the same method and didn't see these rules/sids there either.  Just 
> to be thorough I looked through all the normal rules and 
> preproc_rules as well and didn't see them there either.  
> Am I way off base in what I am doing or should these be showing up?
> Thanks,
> Jimmy
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

More information about the Snort-users mailing list