Snort mailing list archives

Re: about rpc


From: Brian <bmc () snort org>
Date: Thu, 7 Nov 2002 09:13:25 -0500

On Thu, Nov 07, 2002 at 08:12:59AM +0800, 张小刀 wrote:
> hi:
> I met a problem today. I wanted snort to detect rpc request attempts,
> but I found it didn't work. I use nessus and select only RPC family,
> and I use snort with only rpc.rules. Is anything wrong? I am not sure
> if someone tested it.

What RPC request are you attempting?   There may not be a specific rule
that looks for what you are attempting.  If you let me know what you are
trying, I can cook something up for you.

BTW, in case everyone isn't watching the CVS commit logs, I am revisiting
many of the RPC rules using the new plugins byte_test and byte_jump.  The
RPC rules are growing in quality by an order of magnitude.

-brian

