Snort mailing list archives
flowbits: file.wmp_playlist
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 29 May 2013 10:57:35 -0400

there is no check rule in the *.rules files for flowbits: file.wmp_playlist...

registered subscriber using latest rules pulled 26 May 2013 for

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4.1 GRE (Build 69)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.6

May 26 04:25:44 frodo snort[22314]: WARNING: flowbits key 'file.wmp_playlist' is set but not ever checked.

$ grep -E "file.wmp_playlist" /path/to/snort/*rules*/*.rules
/path/to/snort/rules/file-identify.rules:alert tcp $EXTERNAL_NET 554 -> $HOME_NET any (msg:"FILE-IDENTIFY Microsoft Windows Media Player playlist download"; flow:to_client,established; content:"WMS_CONTENT_DESCRIPTION_PLAYLIST_ENTRY_START_OFFSET"; fast_pattern:only; flowbits:set,file.wmp_playlist; flowbits:noalert; classtype:misc-activity; sid:14264; rev:12;)

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
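
An added example, not part of the original post and not Snort's own code: a small audit that goes beyond the single grep above and lists every flowbits key that enabled rules set but never check, and the reverse. Only the sid:14264 rule comes from the post; the other sample rules and key names are constructed, and treating `setx`/`toggle` as setters while ignoring `unset` is an assumption of this sketch.

```python
import re
from collections import defaultdict

SETTERS = {"set", "setx", "toggle"}     # operations that write a flowbit
CHECKERS = {"isset", "isnotset"}        # operations that read a flowbit
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([^;]+);")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Rule sid:14264 is the one quoted in the post; every other rule is constructed.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET 554 -> $HOME_NET any (msg:"FILE-IDENTIFY Microsoft Windows Media Player playlist download"; flow:to_client,established; content:"WMS_CONTENT_DESCRIPTION_PLAYLIST_ENTRY_START_OFFSET"; fast_pattern:only; flowbits:set,file.wmp_playlist; flowbits:noalert; classtype:misc-activity; sid:14264; rev:12;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed setter A"; flowbits:set,file.example_a; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed checker A"; flowbits:isset,file.example_a; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed setter B"; flowbits:set,file.example_b; flowbits:noalert; sid:1000003; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed disabled checker B"; flowbits:isset,file.example_b; sid:1000004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed orphan checker"; flowbits:isset,file.example_c|file.example_a; sid:1000005; rev:1;)
'''

def audit_flowbits(rules_text):
    """Return (set_not_checked, checked_not_set), each mapping key -> sorted SIDs."""
    set_by, checked_by = defaultdict(set), defaultdict(set)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):    # disabled rules do not count
            continue
        m = SID_RE.search(line)
        sid = int(m.group(1)) if m else -1
        for opt in FLOWBITS_RE.findall(line):
            parts = [p.strip() for p in opt.split(",")]
            op = parts[0].lower()
            if len(parts) < 2:                  # noalert / reset carry no key
                continue
            target = set_by if op in SETTERS else checked_by if op in CHECKERS else None
            if target is None:                  # unset counts as neither (assumption)
                continue
            for key in re.split(r"\s*[&|]\s*", parts[1]):   # bit1&bit2, bit1|bit2
                target[key].add(sid)
    unchecked = {k: sorted(v) for k, v in set_by.items() if k not in checked_by}
    unset = {k: sorted(v) for k, v in checked_by.items() if k not in set_by}
    return unchecked, unset

if __name__ == "__main__":
    unchecked, unset = audit_flowbits(SAMPLE_RULES)
    for key, sids in sorted(unchecked.items()):
        print(f"set but never checked: {key} (sid {sids})")
    for key, sids in sorted(unset.items()):
        print(f"checked but never set: {key} (sid {sids})")
```

To audit a real rule set, pass the concatenated text of the enabled `*.rules` files to `audit_flowbits` in place of `SAMPLE_RULES`.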
