Snort mailing list archives
Re: BAD-TRAFFIC udp port 0 traffic
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 18 Jul 2003 15:27:05 -0400
At 01:17 PM 7/18/2003 -0500, Jason Whitson wrote:
I would like to disable this rule but it is not listed in the ruleset.
Are you SURE? I found it very quickly using grep on the default 2.0.0 ruleset: bash$ cd snort-2.0.0/rules bash$ grep -i "udp port 0" *bad-traffic.rules:alert udp $EXTERNAL_NET any <> $HOME_NET 0 (msg:"BAD TRAFFIC udp port 0 traffic"; reference:cve,CVE-1999-0675; reference:nessus,10074; classtype:misc-activity; sid:525; rev:4;)
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BAD-TRAFFIC udp port 0 traffic Jason Whitson (Jul 18)
- Re: BAD-TRAFFIC udp port 0 traffic Matt Kettler (Jul 18)