Re: (no subject)

[waldo kitty <wkitty42 () windstream net>]

On 4/29/2013 13:05, Chukhaltsetseg Shijirbaatar wrote:
> Are this rules bad?

1. what rules?
   a. if you are talking about the two rules you posted in another thread, their 
structure looks ok...

   b. do you really mean for the references in those two rules to point to the 
P2P tracker server? they should point to an article or short description of the 
rule and why it was written the way it is...

   c. the second rule has too many '/' in the reference...

   d. the second rule is apparently to detect traffic from the client to the 
server but the first rule doesn't indicate any direction... this is ok in some 
cases...

   e. the first rule should fire on any occurrence of "www.mininova.org" in 
any/all traffic... this posting should trigger it as your original post would 
have triggered it if that snort is looking at this connection...

2. what do you consider "bad"?


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!