Snort mailing list archives
snort_sigid_structure
From: M naderipoor <m.naderipoor () ymail com>
Date: Sat, 26 Dec 2015 08:23:06 +0000 (UTC)
Hello,

I'm a graduate student and to do my research I need to know more about Snort. I have two important questions, at least they are very important to me.

Question 1: Does a signature description exist for all of Snort's rules in rule_docs ("https://www.snort.org/rule_docs")? If yes, why am I not able to find signature descriptions for all rules? E.g. 36611 is a SigID that exists in community_rules but there is no description for it in rule-docs.

Question 2: What is the structure of the SigID in rule-docs? E.g. for SigID 105 the following IDs exist in rule-docs: 1-105, 105-1, 105-2, 105-3, 105-4. Why does this happen, while there exists just one rule with sigid 105 in the community-rules file or in other rules files? The only rule that I found for sigid 105 is:

alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any (msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|"; depth:16; metadata:ruleset community; classtype:misc-activity; sid:105; rev:14;)

I would appreciate it if you could answer this email.

Best Regards
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
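Snort identifies an event by generator id and signature id, so the rule_docs keys quoted above are gid-sid: 1-105 is the text rule with sid 105 (text rules omit gid and default to 1), while 105-1 through 105-4 are sids 1 to 4 of generator 105, the Back Orifice preprocessor. The parser below is added here and is not part of the post; it extracts gid, sid and rev from rule text and builds that key, using constructed sample rules (the first reproduces the community rule quoted in the post).

```python
# Constructed sample rules (not taken from any ruleset). The first reproduces the
# community rule quoted in the post; the second adds an explicit gid, a quoted ';'
# and an escaped quote to exercise the option splitter.
SAMPLE_RULES = [
    'alert tcp $HOME_NET 2589 -> $EXTERNAL_NET any (msg:"MALWARE-BACKDOOR - Dagger_1.4.0"; '
    'flow:to_client,established; content:"2|00 00 00 06 00 00 00|Drives|24 00|"; depth:16; '
    'metadata:ruleset community; classtype:misc-activity; sid:105; rev:14;)',
    'alert tcp any any -> any 80 (msg:"TEST semicolon; inside msg"; '
    'content:"a\\"b"; gid:1; sid:1000001; rev:2;)',
]


def split_options(body):
    """Split a rule option body on ';' while respecting double quotes and backslash escapes."""
    opts, cur, in_quote, escape = [], [], False, False
    for ch in body:
        if escape:
            cur.append(ch); escape = False
        elif ch == '\\':
            cur.append(ch); escape = True
        elif ch == '"':
            cur.append(ch); in_quote = not in_quote
        elif ch == ';' and not in_quote:
            opts.append(''.join(cur).strip()); cur = []
        else:
            cur.append(ch)
    tail = ''.join(cur).strip()
    return [o for o in opts + [tail] if o]


def event_doc_key(gid, sid):
    """rule_docs key for any event, e.g. preprocessor event 105:1 -> '105-1'."""
    return f'{gid}-{sid}'


def parse_rule(rule):
    """Return header, option dict and the gid-sid document key for one Snort text rule."""
    start, end = rule.index('('), rule.rindex(')')
    header = rule[:start].strip()
    options = {}
    for opt in split_options(rule[start + 1:end]):
        name, _, value = opt.partition(':')
        options[name.strip()] = value.strip().strip('"') if value else True  # bare flags -> True
    gid = int(options.get('gid', 1))   # text rules default to generator id 1
    sid = int(options['sid'])          # sid is mandatory
    rev = int(options.get('rev', 0))
    return {'header': header, 'gid': gid, 'sid': sid, 'rev': rev,
            'msg': options.get('msg'), 'doc_key': event_doc_key(gid, sid), 'options': options}


def doc_keys(rules):
    """Map a list of rule lines to their rule_docs keys."""
    return [parse_rule(r)['doc_key'] for r in rules]
```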