Snort mailing list archives

snort_sigid_structure


From: M naderipoor <m.naderipoor () ymail com>
Date: Sat, 26 Dec 2015 08:23:06 +0000 (UTC)

Hello,
I'm a graduate student, and to do my research I need to know more about Snort. I have two important questions; at least
they are very important to me.

Question 1: Does a signature description exist for all of Snort's rules in rule_docs?
"https://www.snort.org/rule_docs"
If yes, why am I not able to find signature descriptions for all rules? e.g. 36611 is a SigID that exists in
community_rules, but there is no description for it in rule-docs.
Question 2: What is the structure of the SigID in rule-docs?
e.g. for SigID 105 there are the following IDs in rule-docs. Why does this happen, while there exists just one rule with
sigid 105 in the community-rules file or in other rules files?
1-105, 105-1, 105-2, 105-3, 105-4
The only rule that I found for sigid 105 is:
alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any (msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|"; depth:16; metadata:ruleset community; classtype:misc-activity; sid:105; rev:14;)


I would appreciate it if you answered this email.
Best regards
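The identifiers the post lists are not variants of one SID: a rule_docs identifier is written as gid-sid, so 1-105 is SID 105 under generator ID 1 (the default GID of every text rule, which is why the quoted community rule carries no gid option), while 105-1 to 105-4 are SIDs 1 to 4 under GID 105, the Back Orifice preprocessor in Snort 2, whose events are raised by the preprocessor rather than by a text rule in the rules files. The parser below, added here as an illustration and not code from the poster or the Snort project, reads rule text, extracts gid/sid/rev with the gid defaulting to 1, builds the gid-sid identifier for each rule, and resolves rule_docs style identifiers back against the parsed rules. The first sample rule is the one quoted in the post; the other two are constructed for the example (one with an explicit gid, one with a semicolon inside the msg string, which a naive split on ';' would break).

```python
"""Map Snort text rules to rule_docs style gid-sid identifiers.

Added example, not part of the original mailing-list post or of Snort.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input. The first rule is quoted from the post; the
# other two are constructed to exercise an explicit gid and a quoted ';'.
SAMPLE_RULES = r'''
# text rule from the post: no gid option, so Snort treats it as gid 1
alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any (msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|"; depth:16; metadata:ruleset community; classtype:misc-activity; sid:105; rev:14;)
# constructed: explicit gid, shaped like a preprocessor rule stub
alert ( gid:105; sid:1; rev:3; msg:"CONSTRUCTED preprocessor event"; )
# constructed: a ';' inside a quoted string must not split the option
alert tcp any any -> any 80 (msg:"CONSTRUCTED has; semicolon"; sid:9000001; rev:1;)
'''


def split_options(body: str) -> List[str]:
    """Split the option body on ';' while honouring double quotes and
    backslash escapes, so msg:"a; b" stays a single option."""
    parts: List[str] = []
    buf: List[str] = []
    in_quote = False
    escaped = False
    for ch in body:
        if escaped:
            buf.append(ch)
            escaped = False
            continue
        if ch == "\\":
            buf.append(ch)
            escaped = True
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            part = "".join(buf).strip()
            if part:
                parts.append(part)
            buf = []
            continue
        buf.append(ch)
    tail = "".join(buf).strip()
    if tail:
        parts.append(tail)
    return parts


def parse_rule(line: str) -> Optional[dict]:
    """Parse one rule line into header/gid/sid/rev/msg.

    gid defaults to 1 when absent, which is what Snort does for text rules.
    Returns None for lines that carry no sid (comments, blanks, malformed).
    """
    start, end = line.find("("), line.rfind(")")
    if start == -1 or end == -1 or end <= start:
        return None
    opts: Dict[str, Optional[str]] = {}
    for part in split_options(line[start + 1:end]):
        key, sep, value = part.partition(":")
        opts[key.strip()] = value.strip() if sep else None
    if not opts.get("sid"):
        return None
    msg = opts.get("msg") or ""
    if len(msg) >= 2 and msg[0] == '"' and msg[-1] == '"':
        msg = msg[1:-1]
    return {
        "header": line[:start].strip(),
        "gid": int(opts["gid"]) if opts.get("gid") else 1,
        "sid": int(opts["sid"]),
        "rev": int(opts["rev"]) if opts.get("rev") else 0,
        "msg": msg,
    }


def parse_rules(text: str) -> List[dict]:
    """Parse a rules file body, skipping blank lines and '#' comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        rule = parse_rule(line)
        if rule is not None:
            rules.append(rule)
    return rules


def rule_doc_id(gid: int, sid: int) -> str:
    """rule_docs names a signature as '<gid>-<sid>', e.g. 1-105."""
    return f"{gid}-{sid}"


def parse_doc_id(doc_id: str) -> Tuple[int, int]:
    """Turn a rule_docs identifier such as '105-2' back into (gid, sid)."""
    m = re.fullmatch(r"\s*(\d+)-(\d+)\s*", doc_id)
    if not m:
        raise ValueError(f"not a gid-sid identifier: {doc_id!r}")
    return int(m.group(1)), int(m.group(2))


def index_by_doc_id(rules: List[dict]) -> Dict[str, dict]:
    """Index parsed rules by their gid-sid identifier."""
    return {rule_doc_id(r["gid"], r["sid"]): r for r in rules}


def lookup(index: Dict[str, dict], doc_id: str) -> Optional[dict]:
    """Resolve a rule_docs identifier to a text rule, or None if the
    identifier belongs to a generator with no text rule in the file."""
    gid, sid = parse_doc_id(doc_id)
    return index.get(rule_doc_id(gid, sid))


if __name__ == "__main__":
    idx = index_by_doc_id(parse_rules(SAMPLE_RULES))
    for doc_id in ("1-105", "105-1", "105-2", "105-3", "105-4"):
        hit = lookup(idx, doc_id)
        print(doc_id, "->", hit["msg"] if hit else "no text rule in file")
```

Run against a real rules file, only 1-105 resolves to the Dagger rule; 105-1 to 105-4 come back empty because nothing in the text rules carries gid:105, which is the answer to the second question. The constructed gid:105 rule is included only so the explicit-gid path is exercised.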




------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
