Snort mailing list archives

Re: what means the deleted.rules


From: Jamie Riden <jamie.riden () gmail com>
Date: Fri, 12 Aug 2011 10:47:50 +0100

I think it means that someone has deliberately removed them - it's
just a holding area, for reference.

In other words, you'd be enabling something which one of the guys who
look after sigs has deliberately taken out for correctness or
performance reasons, so probably not a great idea.

cheers,
 Jamie

On 12 August 2011 10:36, Zhuxian <zhuxian () huawei com> wrote:
I found one file named deleted.rules. And there are rules created in 2011 also.

# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"DELETED WEB-CLIENT Internet Explorer CSS expression defined to empty slection attempt"; flow:established, to_client; content:"expression"; nocase; content:"document.selection.empty"; within:50; pcre:"/expression\s*\x28\s*document\x2eselection\x2eempty\s*\x28\s*\x29/si"; reference:cve,2011-1261; reference:url,www.microsoft.com/technet/security/bulletin/MS11-050.mspx; classtype:attempted-admin; sid:19244; rev:2;)

What does this file mean? Can I enable the rules in this file?


Regards,
Kurt.







_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org




-- 
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
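
Added example (not part of the original thread and not Snort project code): a small audit that parses Snort rule text and reports rules that are active even though their msg carries the "DELETED" prefix seen in the quoted rule. The sample rules and SIDs are constructed, and treating a msg that starts with "DELETED" as the marker is an assumption drawn from that one rule.

```python
import re

# Constructed sample: one commented-out rule (as shipped in deleted.rules),
# one that a local edit has uncommented, and one ordinary active rule.
SAMPLE = '''\
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"DELETED WEB-CLIENT example one"; flow:established,to_client; content:"expression"; nocase; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"DELETED WEB-CLIENT example two"; \\
    flow:established,to_client; content:"abc"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"LOCAL ssh example"; flow:to_server; sid:1000003; rev:1;)
'''

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def logical_lines(text):
    """Join backslash-continued lines so each rule is one string."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield (buf + line).strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def parse_rules(text):
    """Return dicts {sid, msg, enabled} for every rule, commented out or not."""
    rules = []
    for line in logical_lines(text):
        enabled = not line.startswith("#")
        body = line.lstrip("# \t")
        if not body.startswith(ACTIONS):
            continue  # blank line or ordinary comment
        msg, sid = MSG_RE.search(body), SID_RE.search(body)
        if msg and sid:
            rules.append({"sid": int(sid.group(1)), "msg": msg.group(1), "enabled": enabled})
    return rules

def enabled_deleted(text):
    """SIDs of rules that are active even though their msg is marked DELETED."""
    return [r["sid"] for r in parse_rules(text) if r["enabled"] and r["msg"].startswith("DELETED")]

if __name__ == "__main__":
    print(enabled_deleted(SAMPLE))
```

To audit a real ruleset, pass the concatenated contents of the rule files the sensor loads to enabled_deleted() and review any SID it returns.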


