Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS

From: Nigel Houghton <nhoughton () sourcefire com>
Date: Wed, 13 Jan 2010 13:10:26 -0500
On Wed, Jan 13, 2010 at 12:56 PM, Guise McAllaster
<guise.mcallaster () gmail com> wrote:

Hello.  Thanks you for response.   Turns out that I do not have MS ISA.  But
now I am curious.  Alert is happening on a very small packet.  Why?  Not
sure if it encrypted data.  Can I get a copy of source code for this?


Short answer, no. Sorry.

Here's a slightly longer explanation from the README that comes with
the so rules in the tarball:

"Due to contract terms with some 3rd party research organizations,
 a number of VRT certified rules will only be delivered as binaries.

 This applies only to shared object (SO) rules. Non-shared object rules
 WILL NOT be affected."

So, unfortunately, this particular rule is covered by the agreement
with the 3rd party.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: