so_rule problem

[Jimmy Tharel <jtharel () yahoo com>]

I'm trying to get my Snort installation to detect the latest ms10-070 
vulnerability.  According to 
http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html it 
should have been included in the rules released on the 23rd.

Rules to detect attacks targeting this vulnerability are included in  this 
release and are identified with GID 3, SIDs 17428 and 17429

When I compile the so_rules from source I don't see these 2 rules/sids (17428 
and 17429).  I used "snort -c /etc/snort/snort.conf 
--dump-dynamic-rules=/etc/snort/so_rules" to create the .rules files.  I also 
went through several of the pre-compiled rules using the same method and didn't 
see these rules/sids there either.  Just to be thorough I looked through all the 
normal rules and preproc_rules as well and didn't see them there either.  


Am I way off base in what I am doing or should these be showing up?

Thanks,

Jimmy


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users