[Snort-users] specific-threats file messed up?

Joel Esler jesler at ...1935...
Wed Sep 15 18:50:42 EDT 2010


We'll take a look.

Thanks.

J

On Wed, Sep 15, 2010 at 5:57 PM, waldo kitty <wkitty42 at ...14940...> wrote:

>
> just noticing the thread about specific-threats.rules so i took a peek at mine
> and the first thing i note is that it seems to be "broken"... "broken" in that
> there are 6 rules listed /ABOVE/ the copyright boilerplate text...
>
> specific-threats.rules
> 1:1900:12
> 1:1901:13
> 1:1810:15
> 1:1811:13
> 1:16287:3
> 1:12202:3
>
> so i took a peek at all the VRT rules files and found more that are skagged in
> this same manner of rules listed above the copyright boilerplate...
>
> botnet-cnc.rules
> 1:10403:6
> 1:13953:4
> 1:10114:7
> 1:9418:9
> 1:10113:7
> 1:15297:3
> 1:15296:4
> 1:15295:4
> 1:15423:3
> 1:15481:7
> 1:15553:4
> 1:15730:4
> 1:15938:4
> 1:16297:3
> 1:16299:3
> 1:16298:3
> 1:16302:3
> 1:16303:3
> 1:16304:3
> 1:16368:3
> 1:16391:5
> 1:16441:4
> 1:16442:3
> 1:16440:6
> 1:16439:3
> 1:16459:5
> 1:16485:6
> 1:16484:6
> 1:16483:4
> 1:16527:4
> 1:16528:4
> 1:16526:3
>
> exploit.rules
> 1:15490:2
> 1:15906:3
> 1:15907:3
>
> oracle.rules
> 1:3532:7
> 1:3630:7
> 1:3631:7
>
> policy.rules
> 1:490:8
> 1:493:7
>
> rpc.rules
> 1:12458:4
>
> telnet.rules
> 1:492:11
> 1:718:10
>
> voip.rules
> 1:12359:5
>
> web-misc.rules
> 1:976:15
>
> scada.rules and web-activex.rules don't even have a copyright boilerplate
> section in them!
>
> granted, these rules being there doesn't hurt anything due to the format of the
> rules files but still... sumptin' ain't right in the land of gosh'n...
>
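
The check described in the quoted report, as an added example that is not part of the original thread and is not Sourcefire/VRT code: it lists the gid:sid:rev of every rule placed above the copyright header in a rules file and flags files with no header. It assumes the header is a `#` comment line containing "Copyright" (the thread does not show its wording), counts commented-out rules as well as active ones, and uses hypothetical function names with constructed sample rules.

```python
import re

# Assumption: the boilerplate is a '#' comment line containing "Copyright";
# the thread does not show its exact wording.
COPYRIGHT = re.compile(r"^\s*#.*\bcopyright\b", re.IGNORECASE)
# Active or commented-out rule: optional '#', a Snort action, header, (options).
RULE = re.compile(r"^\s*(?:#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+\S+.*\(.*\)\s*$")
OPTION = {k: re.compile(r"\b%s\s*:\s*(\d+)\s*;" % k) for k in ("gid", "sid", "rev")}

# Constructed sample file: two rules sit above the header, one below it.
SAMPLE = """\
alert tcp any any -> any 21 (msg:"constructed sample A"; sid:1000001; rev:2;)
# alert udp any any -> any 53 (msg:"constructed sample B"; gid:3; sid:1000002; rev:5;)
# Copyright (constructed placeholder for the boilerplate block)
#
alert tcp any any -> any 80 (msg:"constructed sample C"; sid:1000003; rev:1;)
"""


def rule_id(line):
    """Return 'gid:sid:rev' for a rule line, or None when it has no sid."""
    found = {k: p.search(line) for k, p in OPTION.items()}
    if not found["sid"]:
        return None
    gid = found["gid"].group(1) if found["gid"] else "1"  # text rules default to gid 1
    rev = found["rev"].group(1) if found["rev"] else "?"  # rev missing from the rule
    return "%s:%s:%s" % (gid, found["sid"].group(1), rev)


def audit_rules_text(text):
    """Return (has_header, ids of rules placed before the copyright header)."""
    early = []
    for line in text.splitlines():
        if RULE.match(line):  # checked first so a msg containing "copyright" is a rule
            rid = rule_id(line)
            if rid:
                early.append(rid)
        elif COPYRIGHT.search(line):
            return True, early
    return False, []  # no header at all: "before the header" is undefined


if __name__ == "__main__":
    has_header, early = audit_rules_text(SAMPLE)
    print("header present:", has_header)
    for rid in early:
        print("above header:", rid)
```

To audit a real rule set, pass the text of each `.rules` file to `audit_rules_text` and compare the result across rule updates.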

