Re: GPL sig 1313

[rmkml <rmkml () yahoo fr>]

Hi,
it's snort community if I remember correctly:
rules/porn.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN up skirt"; content:"up skirt"; nocase; 
flow:to_client,established; classtype:kickass-porn; sid:1313; rev:5;)
Regards
Rmkml


On Fri, 18 Mar 2011, Weir, Jason wrote:

> Nigel,
> Oops - my bad, It's part of the GPLs - looks like it came from the ET side...
> Didn't they use to be distributed with Snort??
> -J
>
> > -----Original Message-----
> > From: Nigel Houghton [mailto:nhoughton () sourcefire com]
> > Sent: Friday, March 18, 2011 1:43 PM
> > To: Weir, Jason
> > Cc: snort-sigs () lists sourceforge net
> > Subject: Re: [Snort-sigs] GPL sig 1313
> >
> >
> > On Fri, 18 Mar 2011 12:01:47 -0400, Weir, Jason wrote:
> > > Seeing what could be a FP on 1313
> > > Here's the data - no "up skirt" that I can see....
> > > -J
> >
> > Is that SID correct? We don't have a rule with that particular SID.

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org