Re: More poorly performing GID 3 rules....

[JJ Cummings <cummingsj () gmail com>]

The source for both of those is public and included in the rules tarball
that is available for download from snort.org.

$ grep -l 8351 *
bad-traffic_pgm-nak-overflow.c
$ grep -l 7019 *
p2p_winny.c

JJC

On Wed, Feb 3, 2010 at 10:49 AM, Guise McAllaster <
guise.mcallaster () gmail com> wrote:

> More poorly performing GID 3 rules that I cannot understand without
> reversing because they are compiled and the source is not released.
>
> 7019 - P2P WinNY connection attempt
> 8351 - BAD-TRAFFIC PGM nak list overflow attempt
>
> Srsly, is there any good reason these are protected by closed source?
> Maybe I can understand 8351 if it is part of your deal with MS but
> WinNY???  And don't get me started on the SMB hogs....
>
> Guise
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the
> business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs