Snort mailing list archives

some policy rules missing in 1.8.7 beta5?


From: "Michael Scheidell" <scheidell () secnap net>
Date: Fri, 31 May 2002 13:15:56 -0400

Ok, so I don't keep up with all of these rules like I should, but updating
for 1.86 release to 1.87beta5, looking at rule changes, I found this missing
from policy.rules, and in fact missing from any rules in 1.87beta5
distribution:
 grep -c ^alert policy.rules
7
(7 rules, one commented out.. )
in 1.8.6 policy rules:

grep -c ^alert policy.rules
30
(many of these were sent to p2p, but some seem missing)

policy.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"INFO ICQ access"; flags: A+; content: "User-Agent\:ICQ"; resp: rst_all; classtype:misc-activity; sid:541; rev:3;)

policy.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"INFO MSN chat access"; flags: A+; content:"text/plain"; depth:100; classtype:misc-activity; sid:540; rev:3;)

policy.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"INFO Outbound GNUTella client request"; flags:A+; content:"GNUTELLA OK"; depth:40; resp: rst_all; classtype:misc-activity; sid:558; rev:3;)
(there is a SIMILAR rule in p2p, but for inbound request)

policy.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"INFO Inbound GNUTella client request"; flags:A+; content:"GNUTELLA CONNECT"; depth:40; resp: rst_all; classtype:misc-activity; sid:559; rev:3;)


Recommend adding these to the p2p rules?


Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell () secnap net
http://www.secnap.net
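The post finds the dropped rules by counting `^alert` lines and eyeballing the diff. The check is easier to repeat across releases by indexing each active rule's sid per file and reporting sids that moved to another file (as several did to p2p.rules) versus sids that vanished entirely. The script below is an added example, not part of the original post or the Snort distribution; the two rule sets are constructed stand-ins for the 1.8.6 and 1.8.7beta5 files.

```python
import re
from typing import Dict, Tuple

# Constructed stand-ins for the two distributions discussed in the post
# (only a few rules each; the real files are much larger).
OLD_RULES = {
    "policy.rules": r"""
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"INFO ICQ access"; flags: A+; content: "User-Agent\:ICQ"; resp: rst_all; classtype:misc-activity; sid:541; rev:3;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"INFO MSN chat access"; flags: A+; content:"text/plain"; depth:100; classtype:misc-activity; sid:540; rev:3;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"INFO Inbound GNUTella client request"; flags:A+; content:"GNUTELLA CONNECT"; depth:40; resp: rst_all; classtype:misc-activity; sid:559; rev:3;)
# alert tcp any any -> any any (msg:"commented out, must not count"; sid:9999; rev:1;)
""",
}
NEW_RULES = {
    "policy.rules": r"""
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"INFO MSN chat access"; flags: A+; content:"text/plain"; depth:100; classtype:misc-activity; sid:540; rev:3;)
""",
    "p2p.rules": r"""
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"P2P Inbound GNUTella client request"; flags:A+; content:"GNUTELLA CONNECT"; depth:40; classtype:misc-activity; sid:559; rev:4;)
""",
}

# Snort writes the option as "sid:541;" but some rules carry spaces ("sid: 541;").
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def index_sids(ruleset: Dict[str, str]) -> Dict[int, str]:
    """Map each active (uncommented) alert rule's sid to the file that holds it."""
    index: Dict[int, str] = {}
    for fname, text in ruleset.items():
        for line in text.splitlines():
            line = line.strip()
            if not line.startswith("alert"):   # skips blanks and '#' comments
                continue
            m = SID_RE.search(line)
            if m:
                index[int(m.group(1))] = fname
    return index

def compare_rulesets(old: Dict[str, str], new: Dict[str, str]) -> Tuple[dict, dict]:
    """Return (moved, missing): sids now in a different file, and sids gone entirely."""
    old_idx, new_idx = index_sids(old), index_sids(new)
    moved = {sid: (old_idx[sid], new_idx[sid]) for sid in old_idx
             if sid in new_idx and new_idx[sid] != old_idx[sid]}
    missing = {sid: old_idx[sid] for sid in old_idx if sid not in new_idx}
    return moved, missing

if __name__ == "__main__":
    moved, missing = compare_rulesets(OLD_RULES, NEW_RULES)
    for sid, (src, dst) in sorted(moved.items()):
        print(f"sid {sid}: moved {src} -> {dst}")
    for sid, src in sorted(missing.items()):
        print(f"sid {sid}: MISSING (was in {src})")
```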

