Snort mailing list archives
Re: [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 Feb 2012 22:17:20 -0500
1-999,999 are Sourcefire's SIDs. Yes, it's off by default. We've made some changes to the default state of rules just today. We'll put more out about this tomorrow in a blog post when we release the rules.

Joel

On Wednesday, February 8, 2012, waldo kitty <wkitty42 () windstream net> wrote:
> On 2/8/2012 19:24, Joel Esler wrote:
>> It's a VRT rule. It's an indicator rule. Meaning it's meant to be used in conjunction with other rules for a more complete picture. It's off by default.
>
> thanks for that, joel! i didn't know if it was off by default or if i had already turned it off because of just this type of problem with it... thanks also for the confirmation that it is a VRT rule... there are times that i tend to see something and if it is in a certain SID range, i automatically classify as to those i know are using those ranges...

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire