Snort mailing list archives

Re: [Emerging-Sigs] SHELLCODE x86 inc ecx NOOP - for Yahoo


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 Feb 2012 22:17:20 -0500

1-999,999 are Sourcefire's SIDs.

Yes, it's off by default.  We've made some changes to the default state of
rules just today.  We'll put more out about this tomorrow in a blog post
when we release the rules.

Joel

On Wednesday, February 8, 2012, waldo kitty <wkitty42 () windstream net> wrote:
> On 2/8/2012 19:24, Joel Esler wrote:
>> It's a VRT rule. It's an indicator rule. Meaning it's meant to be used in
>> conjunction with other rules for a more complete picture.
>>
>> It's off by default.
>
> thanks for that, joel! i didn't know if it was off by default or if i had
> already turned it off because of just this type of problem with it...
>
> thanks also for the confirmation that it is a VRT rule... there are times
> that i tend to see something and if it is in a certain SID range, i
> automatically classify as to those i know are using those ranges...



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire