Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-sigs] Flowbit dependancy issue

From: "Bamm Visscher" <bamm.visscher () gmail com>
Date: Mon, 8 Jan 2007 09:37:13 -0700
*crickets*  ??

On 1/4/07, Bamm Visscher <bamm.visscher () gmail com> wrote:

Can you define "shortly". The problem was reported out of band well
before Matt brought it up on list. Are there any work arounds?  Can I
just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
looks like there was a major renaming of flowbits that may have caused
the issue. Do I need to do a work around or do the new rules
associated with dce.bind.ISystemActivator give me the same coverage?

Bammkkkk


On 12/21/06, Matthew Watchinski <mwatchinski () sourcefire com> wrote:

Clean ups for this warning will be out shortly.

Cheers,
-matt

Matt Jonkman wrote:

Using the new version of oinkmaster that's doing more detailed flowbit
dependancy checking:

WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule

I can't find the sig that's supposed to set that. That kills some good
rules. Anyone know where it went?

Matt




-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




--
sguil - The Analyst Console for NSM
http://sguil.sf.net




-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: