Home page logo
/

snort logo Snort mailing list archives

historical rule information?
From: "Miller - CDLE, Michael" <michael.miller () state co us>
Date: Thu, 18 Apr 2013 09:55:32 -0600

I'm hunting down a rule that's generating a LOT of traffic on our network
and was wondering if there were a wiki or history of rules to see what the
thinking was behind them. Specifically, I'm alerting on

[3:15474:5] BAD-TRAFFIC Microsoft ISA Server and Forefront Threat
Management Gateway invalid RST denial of service attempt [Classification:
Attempted Denial of Service]

There are two ISA servers on that network, and they've been patched
according to the KB article referenced in the rule detail (
http://technet.microsoft.com/en-us/security/bulletin/MS09-016), but the
alerts are still being generated.
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]