Snort mailing list archives

Re: PulledPork - disablesid.conf categories and SO rule stubs


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 4 May 2011 19:15:31 -0400

Eoin,

You aren't a subscriber, right?

This was a different error. Not a pulledpork error.  We've corrected this in the subscriber pack.  

--
Sent from my iPhone
Forgive my misspellings and briefness

On May 4, 2011, at 6:49 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:

This sucker doesn't get commented out:
$ grep sid:13416 /nids/snort/rules/so_rules.rules

alert tcp any any -> $HOME_NET 389 (msg:"DELETED DOS openldap authcid 
name denial of service attempt - DISABLED"; sid:13416; gid:3; rev:3; 
classtype:attempted-dos; reference:bugtraq,20939; 
reference:cve,2006-5779; metadata: engine shared, soid 3|13416;)

When you have this in your disablesid.conf
$ more /nids/pulledpork/etc/disablesid.conf
VRT-deleted

I get why disablesid.conf doesn't apply categories to the SO rule stubs 
that get generated. By design it just comments out the lines within the 
deleted.rules file in the tarball (which I totally understand). The user 
should be using pcre or just the sids specifically they want to nuke 
for the SO rule stubs. Maybe update doc/README.CATEGORIES to reflect 
that it only affects the non-SO rules?

-- Eoin
Bearer of nitpicky nonsense.

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
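
The following is an added example, not code from this thread or from PulledPork. It follows the suggestion in the message above to list SO rule stubs by sid: it scans a generated stub file for enabled rules whose msg starts with "DELETED" and prints gid:sid lines for disablesid.conf. It assumes one rule per line and the gid:sid entry form; the 9999000x rules in the sample are constructed.

```python
import re

# Constructed sample stub file. Only the sid 13416 rule comes from the thread;
# the 9999000x rules are made up for illustration.
SAMPLE_STUBS = r'''
alert tcp any any -> $HOME_NET 389 (msg:"DELETED DOS openldap authcid name denial of service attempt - DISABLED"; sid:13416; gid:3; rev:3; classtype:attempted-dos; reference:bugtraq,20939; reference:cve,2006-5779; metadata: engine shared, soid 3|13416;)
# alert tcp any any -> $HOME_NET 445 (msg:"DELETED EXAMPLE stub already commented out"; sid:99990001; gid:3; rev:1; metadata: engine shared, soid 3|99990001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE live shared object rule"; sid:99990002; gid:3; rev:2; metadata: engine shared, soid 3|99990002;)
'''

MSG_RE = re.compile(r'\bmsg:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid:\s*(\d+)\s*;')
GID_RE = re.compile(r'\bgid:\s*(\d+)\s*;')


def deleted_active_stubs(rules_text):
    """Return (gid, sid, msg) for enabled rules whose msg starts with DELETED."""
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or a rule that is already commented out
        msg = MSG_RE.search(line)
        if not msg or not msg.group(1).startswith("DELETED"):
            continue
        # Drop the msg text so a "sid:" inside it cannot be mistaken for the option.
        rest = line.replace(msg.group(0), "", 1)
        sid = SID_RE.search(rest)
        if not sid:
            continue
        gid = GID_RE.search(rest)
        # Snort treats a rule without a gid option as generator 1.
        hits.append((int(gid.group(1)) if gid else 1, int(sid.group(1)), msg.group(1)))
    return hits


def disablesid_entries(rules_text):
    """Format the hits as de-duplicated, sorted gid:sid lines."""
    pairs = sorted({(gid, sid) for gid, sid, _ in deleted_active_stubs(rules_text)})
    return ["%d:%d" % pair for pair in pairs]


if __name__ == "__main__":
    for entry in disablesid_entries(SAMPLE_STUBS):
        print(entry)
```
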
