Snort mailing list archives
Signature numbering significance
From: "Gardner, Warren (IHG)" <Warren.Gardner () ihg com>
Date: Thu, 19 May 2016 15:14:54 +0000
Hello,

I've just begun to investigate some of the Snort signatures blocked by my firewall and don't really understand the naming convention and the significance of the numbers. I read the FAQ, which simply stated that the number must be > 10,000 for community submitted submissions, but that didn't really give me the knowledge I was looking for.

I have seen many 1:16301:14 attempts on port 80; when I searched the snort DB it returned "Your search returned no results". I removed the :14, hoping that might be just a submission or release number, and the search returned "1-16301 - This event is generated when an attempt is made to exploit a known vulnerability in Internet Explorer". Because it was a port 80 request, the message about an IE vulnerability seemed to make sense (even if it did relate to v5 and v6). A similar thing happened with 1:21516:9; once I removed the :9 the search returned "This event is generated when an attempt is made to exploit a known vulnerability in jboss application server."

My question is: what significance do the colon-separated values have (if any)? If the snort.org search returns no matches to a signature, is there anywhere else I can find more information about a signature?

Warren Gardner