Snort mailing list archives
Re: Strange Alert
From: Todd Wease <twease () sourcefire com>
Date: Wed, 10 Feb 2010 09:03:39 -0500
On 02/10/2010 08:54 AM, Jens Link wrote:
> Nigel Houghton <nhoughton () sourcefire com> writes:
>
>> Then if you look in the doc directory (it's in the distribution, look for it) you will find the document that accompanies this event, it is named 133-34.txt. (I thought the gid-sid.txt naming convention might be helpful)
>
> Thanks for your help Nigel, apparently there is no doc/signatures directory in the 2.8.5.2 tarball. There is one in the 2.8.5.1 tarball though. I guess that's why I couldn't find it.
>
> cheers,
>
> Jens
Jens,

Take a look in doc/README.dcerpc2 for an explanation of that event. It's meant to try to identify evasions where a request is fragmented unnecessarily.

Todd