[Snort-users] specific-threats file messed up?

waldo kitty wkitty42 at ...14940...
Wed Sep 15 17:57:32 EDT 2010


just noticing the thread about specific-threats.rules so i took a peek at mine 
and the first thing i note is that it seems to be "broken"... "broken" in that 
there are 6 rules listed /ABOVE/ the copyright boilerplate text...

specific-threats.rules
1:1900:12
1:1901:13
1:1810:15
1:1811:13
1:16287:3
1:12202:3

so i took a peek at all the VRT rules files and found more that are skagged in 
this same manner of rules listed above the copyright boilerplate...

botnet-cnc.rules
1:10403:6
1:13953:4
1:10114:7
1:9418:9
1:10113:7
1:15297:3
1:15296:4
1:15295:4
1:15423:3
1:15481:7
1:15553:4
1:15730:4
1:15938:4
1:16297:3
1:16299:3
1:16298:3
1:16302:3
1:16303:3
1:16304:3
1:16368:3
1:16391:5
1:16441:4
1:16442:3
1:16440:6
1:16439:3
1:16459:5
1:16485:6
1:16484:6
1:16483:4
1:16527:4
1:16528:4
1:16526:3

exploit.rules
1:15490:2
1:15906:3
1:15907:3

oracle.rules
1:3532:7
1:3630:7
1:3631:7

policy.rules
1:490:8
1:493:7

rpc.rules
1:12458:4

telnet.rules
1:492:11
1:718:10

voip.rules
1:12359:5

web-misc.rules
1:976:15

scada.rules and web-activex.rules don't even have a copyright boilerplate 
section in them!

granted, these rules being there doesn't hurt anything due to the format of the 
rules files but still... sumptin' ain't right in the land of gosh'n...
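
The check described in the message above, as an added example that is not part of the original post and is not Sourcefire/VRT code: it lists the gid:sid:rev of every rule (enabled or commented out) that appears before the copyright comment in a rules file, and reports separately when a file has no such comment. The "copyright" comment pattern, the single-line rule layout, and the sample rules are assumptions constructed for illustration.

```python
import re
import sys

# Assumption: the boilerplate is a comment line containing the word "copyright".
COPYRIGHT = re.compile(r"^\s*#.*\bcopyright\b", re.IGNORECASE)
# A single-line rule, enabled or commented out, starting with a rule action.
RULE = re.compile(r"^\s*#?\s*(alert|log|pass|drop|reject|sdrop|activate|dynamic)"
                  r"\s+\S+.*\(.*\)\s*$")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV = re.compile(r"\brev\s*:\s*(\d+)\s*;")
GID = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def rule_id(line):
    """Return 'gid:sid:rev' for a rule line, or None if the line is not a rule."""
    sid = SID.search(line)
    if not RULE.match(line) or not sid:
        return None
    gid, rev = GID.search(line), REV.search(line)
    # Text rules without a gid option belong to generator 1; '?' marks a missing rev.
    return "%s:%s:%s" % (gid.group(1) if gid else "1", sid.group(1),
                         rev.group(1) if rev else "?")

def rules_above_boilerplate(text):
    """Rule ids found before the copyright comment; None if there is no such comment."""
    above = []
    for line in text.splitlines():
        rid = rule_id(line)  # test for a rule first: a msg may contain "copyright"
        if rid:
            above.append(rid)
        elif COPYRIGHT.match(line):
            return above
    return None

# Constructed sample: two rules above the boilerplate, one below it.
SAMPLE = r'''alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"constructed A"; sid:1000001; rev:2;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"constructed B"; sid:1000002; rev:5;)
# Copyright (constructed boilerplate line)
alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"constructed C"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            found = rules_above_boilerplate(fh.read())
        if found is None:
            print("%s: no copyright boilerplate found" % path)
        elif found:
            print("%s\n%s" % (path, "\n".join(found)))
```

Run it as `python check_rules.py /path/to/rules/*.rules` (the script name and path are placeholders); files with nothing above the boilerplate print nothing.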





