Snort mailing list archives
Re: More poorly performing GID 3 rules....
From: Patrick Mullen <pmullen () sourcefire com>
Date: Wed, 3 Feb 2010 13:07:06 -0500
Actually, both of those rules are open source if you want to look at their source code. bad-traffic_pgm-nak-overflow.c p2p_winny.c Not all SO rules are closed source. Many SO rules are C code because they do much more than the standard rules library allows; despite popular opinion, rules aren't compiled only to obfuscate the detection. :) Hope this helps, ~Patrick On Wed, Feb 3, 2010 at 12:49 PM, Guise McAllaster <guise.mcallaster () gmail com> wrote:
More poorly performing GID 3 rules that I cannot understand without reversing because they are compiled and the source is not released. 7019 - P2P WinNY connection attempt 8351 - BAD-TRAFFIC PGM nak list overflow attempt Srsly, is there any good reason these are protected by closed source? Maybe I can understand 8351 if it is part of your deal with MS but WinNY??? And don't get me started on the SMB hogs.... Guise ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- More poorly performing GID 3 rules.... Guise McAllaster (Feb 03)
- Re: More poorly performing GID 3 rules.... Matt Olney (Feb 03)
- Re: More poorly performing GID 3 rules.... Guise McAllaster (Feb 03)
- Re: More poorly performing GID 3 rules.... JJ Cummings (Feb 03)
- Re: More poorly performing GID 3 rules.... Patrick Mullen (Feb 03)
- <Possible follow-ups>
- Re: More poorly performing GID 3 rules.... Perry, Brian (Feb 04)
- Re: More poorly performing GID 3 rules.... Matt Olney (Feb 03)