Snort mailing list archives

Duplicate sids (again)


From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 29 Dec 2010 08:23:38 -0700

So...I'm using the rulesets from what I thought was the repo:

http://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz

Was this the right one to not get duplicate sids?  Just snagged this and
still seeing dup sids:

grep 2520144 *

emerging-tor.rules:alert tcp [87.119.103.37,87.123.26.143,87.143.251.238,87.147.11.67,87.157.91.50,87.171.103.26,87.194.125.162,87.21.39.166,87.220.58.85,87.227.83.103] any -> $HOME_NET any (msg:"ET TOR Known Tor Exit Node TCP Traffic (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2520144; rev:704;)

tor.rules:alert tcp [87.119.103.37,87.123.26.143,87.143.251.238,87.147.11.67,87.157.91.50,87.171.103.26,87.194.125.162,87.21.39.166,87.220.58.85,87.227.83.103] any -> $HOME_NET any (msg:"ET TOR Known Tor Exit Node TCP Traffic (73)"; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/TorRules; threshold: type limit, track by_src, seconds 60, count 1; classtype:misc-attack; sid:2520144; rev:704;)

Did something change while I slept?  Thanks.

 

James Lay

IT Security Analyst

WinCo Foods

208-672-2014 Office

208-559-1855 Cell

650 N Armstrong Pl.

Boise, Idaho 83704
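
Added example (not part of the original message, and not Snort or Emerging Threats tooling): the single-sid grep in the message, generalised to report every gid:sid pair that is defined by more than one active rule across a set of rule files. The sample rules, their documentation-range addresses and the function names are constructed for this example.

```python
import re
from collections import defaultdict

QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')             # msg/content strings
OPT = re.compile(r'\b(gid|sid|rev)\s*:\s*(\d+)\s*;')  # numeric rule options
RULE = ('alert tcp [192.0.2.10,192.0.2.11] any -> $HOME_NET any '
        '(msg:"ET TOR Known Tor Exit Node TCP Traffic (73)"; flags:S; '
        'classtype:misc-attack; sid:2520144; rev:704;)')
SAMPLE = {  # constructed input; addresses are documentation-range placeholders
    "emerging-tor.rules": "# constructed header\n" + RULE + "\n",
    "tor.rules": RULE + "\n",
    "local.rules": '#alert tcp any any -> any any (msg:"off"; sid:2520144; rev:1;)\n'
                   'alert tcp any any -> any any (msg:"sid:2520144; in text"; \\\n'
                   '    sid:1000001; rev:1;)\n',
}

def iter_rules(text):
    """Yield (first_line_no, rule) for active rules, joining backslash continuations."""
    buf, start = "", 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not buf and (not line or line.startswith("#")):
            continue                      # blank line, comment or disabled rule
        start = start if buf else n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def rule_ids(rule):
    """Return (gid, sid, rev), or None if the rule carries no sid."""
    opts = dict(OPT.findall(QUOTED.sub('""', rule)))  # ignore text inside quotes
    if "sid" in opts:
        # gid defaults to 1 for text rules; rev 0 means "no rev option present"
        return int(opts.get("gid", 1)), int(opts["sid"]), int(opts.get("rev", 0))

def find_duplicates(files):
    """files maps name -> text; return {(gid, sid): [(name, line, rev), ...]}."""
    seen = defaultdict(list)
    for name, text in files.items():
        for line_no, rule in iter_rules(text):
            ids = rule_ids(rule)
            if ids:
                seen[ids[:2]].append((name, line_no, ids[2]))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (gid, sid), hits in find_duplicates(SAMPLE).items():
        print(f"gid {gid} sid {sid}:", ", ".join(f"{f}:{n} rev {r}" for f, n, r in hits))
```

To check a real rules directory, build the `files` mapping from the text of each `*.rules` file and pass it to `find_duplicates`; identical name, sid and rev in two files usually means the same rule file is present under two names.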

 
