Snort mailing list archives
sid:5998; rev:7
From: Zied Naas <Zied.Naas () abovesecurity com>
Date: Tue, 20 Oct 2015 19:11:34 +0000
Good day, The rule PUA-P2P Skype client login startup having the SID 5998, rev 7 is triggering alerts despite the fact that it is deprecated. This rule is setting flowbits and there is no “no alert” in the rule’s options alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PUA-P2P Skype client login startup"; flow:to_server,established; dsize:5; content:"|16 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation; sid:5998; rev:7;) Regards, Zied
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- sid:5998; rev:7 Zied Naas (Oct 20)