Snort mailing list archives
Rule missing from sid-msg.map
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 21 Mar 2005 12:05:39 -0600
I'm running snort Version 2.3.0 (Build 10) on FreeBSD 4.9 SECURITY, fetching snortrules-snapshot-2.3.tar.gz nightly and running oinkmaster to update.
Sid:2505 was missing from my sid-msg.map:/usr/local/share/snort/web-misc.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 443 (msg:"WEB-MISC SSLv3 invalid data version attempt"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; depth:1; offset:5; content:!"|03|"; depth:1; offset:9; reference:bugtraq,10115; reference:cve,2004-0120; reference:nessus,12204; reference:url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx; classtype:attempted-dos; sid:2505; rev:9;)
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule missing from sid-msg.map Paul Schmehl (Mar 21)