Snort mailing list archives
Re: Bizarre signature
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 21 Jul 2010 11:59:43 -0400
If you are using PulledPork to pull your rules down, it should generate the sid-msg.map file that you'll need to point barnyard2 at. Joel On Jul 21, 2010, at 11:50 AM, Kun, Mike wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks! Is there something that needs to be configured in 2.8.6.0 that will cause the rules to show up with the msg field instead of just the sid? - -Mike-----Original Message----- From: Paul Schmehl [mailto:pschmehl_lists () tx rr com] Sent: Wednesday, July 21, 2010 10:48 AM To: Kun, Mike; snort-users () lists sourceforge net Subject: Re: [Snort-users] Bizarre signature --On Wednesday, July 21, 2010 10:38:40 -0400 "Kun, Mike" <mkun () akamai com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm starting to see alerts in BASE like Snort Alert [1:2001034:0] I have no local rules with SIDs anywhere near that value and clickingonthe snort link takes me to a 404 page. Grep-ing the snort.rules files dosen't show that sid anywhere. Has anyone seen this before?http://doc.emergingthreats.net/bin/view/Main/2001034 -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with OutlookGnuPG v1.2.3667 iQEcBAEBAgAGBQJMRxc8AAoJEMhWEt1OJPG/jyUH/i2gXmLeQY9TX3MeSzGesK8S Pss9TQCanlZFQaQRtAEb/09cPx6h7Q0PEiuoqld52vNUeDx8khDl9H3QH+PciCQw VOCDB/WDKbH3PznzHivrTir7eeNgAFjdzS42LJk7rta+y80jJkrstdXxCj+RTAGg dSxReW3x0oJznqTix93Ex9WD72E4xDIb4ac+POtaUnGsMgCXYBzLbh+xHkMBz1zb mIHF3ZHms1VJvNW/iMAyALCWndZdTy/BK8JZNRje4iRcw3rNqbh+etsA3HCwp9Qp Ypga2MbPcbzZbZ361AaN0O48JRWM68IiC8D2cBdeI9s/3DvemUzafe7TgtRX4lo= =yTDe -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)
- Re: Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Joel Esler (Jul 21)
- Re: Bizarre signature Eoin Miller (Jul 21)
- Re: Bizarre signature beenph (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)
- Re: Bizarre signature Kun, Mike (Jul 21)
- Re: Bizarre signature Jefferson, Shawn (Jul 21)
- Re: Bizarre signature Paul Schmehl (Jul 21)