Home page logo

snort logo Snort mailing list archives

Re: Fwd: Snort rules using pp
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 24 Apr 2013 04:51:50 -0400

On 4/24/2013 02:07, Ashraf Ali wrote:

Can some body  pls check ...

Below are some the rules from snort.rules file , which PP has created.

brightstor-arc ReserveGroup attempt"; flow:established,to_server;
dce_iface:62B93DF0-8B02-11CE-876C-00805F842837; dce_opnum:38; metadata:policy
balanced-ips drop, policy connectivity-ips drop, policy security-ips drop,
service dcerpc; reference:cve,2006-6076; reference:cve,2006-6917;
classtype:protocol-command-decode; sid:10018; rev:9;)
metadata:policy security-ips drop, service http; reference:bugtraq,22196;
reference:bugtraq,33469; reference:cve,2007-0018;
<http://www.kb.cert.org/vuls/id/292713>; classtype:attempted-user; sid:10086;

unless this is a bad copy'n'paste, the above looks broken... the first 8 quoted 
lines are from one rule but the 9th line doesn't start off properly to be a 
valid rule (sid 10086)...

if this is a good copy'n'paste, your snort should have errored out on the above...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]