Snort mailing list archives

Re: sid-msg.map incomplete again


From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 25 Jan 2011 12:07:33 -0500

On Tue, 25 Jan 2011 11:32:08 -0500, Lawrence R. Hughes, Sr. wrote:
> Hi,
>
> How come VRT continues to release new rules, but does not update the
> sid-msg.map file?
> Just downloaded the latest VRT rules with 4 new rules and the
> following sids were missing from the sid-msg.map file for these rules:
>
> 18206 || NETBIOS Windows Address Book wab32res.dll malicious DLL load
> 18209 || NETBIOS Windows 7 Home peerdist.dll dll-load exploit attempt
> 18211 || NETBIOS Microsoft Movie Maker hhctrl.ocx dll-load exploit attempt
> 18278 || NETBIOS Vista Backup Tool fveapi.dll dll-load exploit attempt
> We added the above by hand...

Pulledpork[0] will take care of your sid-msg.map. That way you can 
include all the rules you use, not just the VRT ones and you also get 
to include the local rules you have written for your environment too.

[0] - http://code.google.com/p/pulledpork/

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
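
An added example, not part of the original thread and not PulledPork's code: a minimal check that builds "sid || msg || reference" lines from rule text and reports the sids that an existing sid-msg.map lacks, local rules included. The rule headers, the local rule and the reference URL are constructed placeholders; only the sids and messages are taken from the post.

```python
import re

# Constructed sample rules: sids and msgs are from the post; the rule
# headers, options, local rule and reference URL are placeholders.
SAMPLE_RULES = '''
# VRT and local rules concatenated (constructed)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"NETBIOS Windows Address Book wab32res.dll malicious DLL load"; flow:to_server,established; reference:url,example.com/placeholder; sid:18206; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"NETBIOS Windows 7 Home peerdist.dll dll-load exploit attempt"; sid:18209; rev:1;)
alert tcp $HOME_NET any -> any 80 (msg:"LOCAL constructed site rule"; sid:1000001; rev:1;)
'''

# Constructed existing map that lacks two of the three sids above.
SAMPLE_MAP = "18209 || NETBIOS Windows 7 Home peerdist.dll dll-load exploit attempt\n"

MSG_RE = re.compile(r'msg:\s*"((?:[^"\\]|\\.)*)"\s*;')
SID_RE = re.compile(r'[(;\s]sid:\s*(\d+)\s*;')
REF_RE = re.compile(r'reference:\s*([^;]+);')

def map_entries(rules_text):
    """Return {sid: 'sid || msg || ref ...'} for every rule with msg and sid."""
    entries = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # this example ignores comments and disabled rules
        msg, sid = MSG_RE.search(line), SID_RE.search(line)
        if not (msg and sid):
            continue  # not a complete rule line
        refs = [r.strip() for r in REF_RE.findall(line)]
        entries[int(sid.group(1))] = " || ".join([sid.group(1), msg.group(1)] + refs)
    return entries

def missing_entries(rules_text, map_text):
    """Map lines for sids present in the rules but absent from sid-msg.map."""
    known = set()
    for line in map_text.splitlines():
        head = line.split("||", 1)[0].strip()
        if head.isdigit():
            known.add(int(head))
    entries = map_entries(rules_text)
    return [entries[s] for s in sorted(entries) if s not in known]

if __name__ == "__main__":
    print("\n".join(missing_entries(SAMPLE_RULES, SAMPLE_MAP)))
```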
