Snort mailing list archives

sid:5998; rev:7


From: Zied Naas <Zied.Naas () abovesecurity com>
Date: Tue, 20 Oct 2015 19:11:34 +0000

Good day,

The rule PUA-P2P Skype client login startup having the SID 5998, rev 7 is triggering alerts despite the fact that it is deprecated.
This rule is setting flowbits and there is no “no alert” in the rule’s options:

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PUA-P2P Skype client login startup"; flow:to_server,established; dsize:5; content:"|16 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation; sid:5998; rev:7;)



Regards,
Zied
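
One way to audit a rules file for the condition described in this message, an alert rule that sets flowbits without `flowbits:noalert;`, is sketched below as an added example that is not part of the original post or of Snort itself. The function names and the two rules with sids 1000001 and 1000002 are constructed for illustration.

```python
import re

# Constructed sample input: the rule quoted in the message, followed by two
# hypothetical rules (sids 1000001 and 1000002) made up for this example.
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"PUA-P2P Skype client login startup"; flow:to_server,established; dsize:5; content:"|16 03 01 00|"; depth:4; flowbits:set,skype.login; classtype:policy-violation; sid:5998; rev:7;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed setter\; silent"; flow:to_server,established; flowbits:set,example.bit; flowbits:noalert; sid:1000001; rev:1;)
# alert tcp any any -> any any (msg:"commented out"; flowbits:set,x; sid:1000002;)
'''

STATE_CHANGING = {"set", "setx", "toggle"}  # flowbits actions that write state

# One option: runs of plain chars, backslash escapes, or whole quoted strings.
OPTION_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')

def split_options(body):
    """Split a rule body on ';' that is neither quoted nor backslash-escaped."""
    return [o.strip() for o in OPTION_RE.findall(body) if o.strip()]

def parse_rule(line):
    """Return (action, [(keyword, value), ...]) or None for comments/blank lines."""
    m = re.match(r"^\s*(\w+)\s+[^(]*\((.*)\)\s*$", line)
    if not m:
        return None
    pairs = [o.partition(":") for o in split_options(m.group(2))]
    return m.group(1), [(k.strip(), v.strip()) for k, _, v in pairs]

def noisy_setters(text):
    """List (sid, bit names) for alert rules that write flowbits without noalert."""
    hits = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule[0] != "alert":
            continue
        opts = rule[1]
        fb = [v.partition(",") for k, v in opts if k == "flowbits"]
        bits = [name.strip() for act, _, name in fb if act.strip() in STATE_CHANGING]
        if bits and not any(act.strip() == "noalert" for act, _, _ in fb):
            hits.append((next((v for k, v in opts if k == "sid"), "?"), bits))
    return hits

if __name__ == "__main__":
    for sid, bits in noisy_setters(SAMPLE_RULES):
        print(f"sid {sid} sets {', '.join(bits)} and will alert (no flowbits:noalert)")
```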