Snort mailing list archives
Re: flowbits:set SID:15730 SID:16093
From: Alex Kirk <akirk () sourcefire com>
Date: Wed, 30 Dec 2009 16:14:29 -0500
Not errors on your part, actually good catches.

I'm not sure what happened with the first flowbit, since we've got no record of ever having a second rule that would have used that flowbit. It's been deleted over here, and will go out that way in the next SEU.

The second flowbit had a rule that used it in our tracking system, and somehow that rule never made it into the SEU - probably an error on my part while doing a manual add, since I'm the one who committed the rule with the flowbit. It's been added now, and will be out in the next SEU.

On Wed, Dec 30, 2009 at 3:50 PM, Jason Wallace <jason.r.wallace () gmail com> wrote:
Hi,

sid:15730 uses flowbits:set,trojan.delf.post; but there is no other rule which uses this flowbit...

sid:16093 uses flowbits:set,BugsPrey_detection; flowbits:noalert; but again there is no other rule which uses this flowbit.

Are these errors or am I somehow missing rules? I'm using snortrules-snapshot-2.8.tar.gz for registered users and the precompiled rules for 2.8.5

Thx,
Wally

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
--
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
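
The check raised in this thread, finding flowbits that are set but never tested by any other rule, can be run mechanically over a rules file before deployment. The script below is an added example, not part of the original thread or of Sourcefire's tooling; `orphaned_flowbits` is a hypothetical helper name, and the rule bodies in `SAMPLE_RULES` are constructed (only the two SIDs and flowbit names are taken from the thread).

```python
import re
from collections import defaultdict

# flowbits operations that write a bit vs. operations that read one.
SETTERS = {"set", "setx", "toggle"}
CHECKERS = {"isset", "isnotset"}
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([^;]+);")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample rules: two orphaned setters and one correctly paired set/isset.
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"constructed A"; flow:to_server,established; content:"POST"; flowbits:set,trojan.delf.post; sid:15730; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed B"; flow:to_server,established; flowbits:set,BugsPrey_detection; flowbits:noalert; sid:16093; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed C"; flowbits:set,example.request; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed D"; flowbits:isset,example.request; content:"OK"; sid:1000002; rev:1;)
'''

def orphaned_flowbits(rules_text):
    """Return {flowbit: [sids that set it]} for bits no enabled rule checks."""
    set_by = defaultdict(list)
    checked = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks, comments, disabled rules
            continue
        sid_match = SID_RE.search(line)
        sid = int(sid_match.group(1)) if sid_match else None
        for option in FLOWBITS_RE.findall(line):
            parts = [p.strip() for p in option.split(",")]
            if len(parts) < 2:                # noalert / reset carry no bit name
                continue
            op = parts[0].lower()
            # Later Snort versions also accept name1&name2 and name1|name2.
            names = [n for n in re.split(r"[&|]", parts[1]) if n]
            if op in SETTERS:
                for name in names:
                    set_by[name].append(sid)
            elif op in CHECKERS:
                checked.update(names)
    return {bit: sids for bit, sids in set_by.items() if bit not in checked}

if __name__ == "__main__":
    for bit, sids in orphaned_flowbits(SAMPLE_RULES).items():
        print(f"flowbit {bit!r} is set by sid(s) {sids} but never checked")
```

Concatenate every enabled rules file into one string before calling it, since a setter and its checker can live in different files.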