Snort mailing list archives

Who looks after the rules?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 27 Sep 2001 16:15:39 +1200

Is there someone to send bug reports to about the rules?

I've just started seeing false alerts on "X11 outgoing", and it's another
case of the rule being too generalised. It's looking for:

alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET any (msg:"X11 outgoing"; flags: SA; reference:arachnids,126; classtype:unknown; sid:1227; rev:1;)

when 

alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET 1024: (msg:"X11 outgoing"; flags: SA; reference:arachnids,126; classtype:unknown; sid:1227; rev:1;)

would be better.

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
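
Added example (not part of the original message, and not Snort's own code): a small Python model of the rule header and flags check, run over constructed packets, showing which SYN-ACKs the original "any" rule and the proposed "1024:" rule each match. It assumes $EXTERNAL_NET and $HOME_NET already match and compares only the six classic TCP flag bits.

```python
import re

# The two rules from the message above, each on a single line.
ORIGINAL = ('alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET any (msg:"X11 outgoing"; '
            'flags: SA; reference:arachnids,126; classtype:unknown; sid:1227; rev:1;)')
PROPOSED = ORIGINAL.replace("$HOME_NET any", "$HOME_NET 1024:")

FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

def parse_ports(spec):
    """Return (lo, hi) for a port field: 'any', 'N', 'N:M', 'N:' or ':M'."""
    if spec == "any":
        return (0, 65535)
    lo, sep, hi = spec.partition(":")
    if not sep:
        return (int(lo), int(lo))
    return (int(lo) if lo else 0, int(hi) if hi else 65535)

def parse_rule(rule):
    """Extract source port range, destination port range and the flag mask."""
    m = re.match(r'alert tcp \S+ (\S+) -> \S+ (\S+) \((.*)\)\s*$', rule)
    if m is None:
        raise ValueError("unsupported rule header")
    letters = re.search(r'flags:\s*([FSRPAU]+)\s*;', m.group(3)).group(1)
    mask = sum(FLAG_BITS[c] for c in set(letters))
    return parse_ports(m.group(1)), parse_ports(m.group(2)), mask

def matches(rule, sport, dport, tcp_flags):
    """Plain 'flags: SA' (no modifier) is modelled as an exact match on the flags."""
    (slo, shi), (dlo, dhi), want = parse_rule(rule)
    return slo <= sport <= shi and dlo <= dport <= dhi and (tcp_flags & 0x3F) == want

SYN_ACK, ACK = 0x12, 0x10
PACKETS = [  # constructed samples: (source port, destination port, TCP flags)
    (6000, 34567, SYN_ACK),  # high destination port
    (6003, 25, SYN_ACK),     # destination port below 1024
    (6001, 1024, SYN_ACK),   # boundary of the proposed range
    (6006, 40000, SYN_ACK),  # source port outside 6000:6005
    (6000, 40000, ACK),      # not a SYN-ACK
]

def compare(packets=PACKETS):
    """Return (original_matches, proposed_matches) for each packet."""
    return [(matches(ORIGINAL, *p), matches(PROPOSED, *p)) for p in packets]

if __name__ == "__main__":
    for pkt, (orig, prop) in zip(PACKETS, compare()):
        print(pkt, "original:", orig, "proposed:", prop)
```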
