Snort mailing list archives
Snort Rules changelog
From: uri shalev <dabitter () gmail com>
Date: Wed, 14 Sep 2011 16:07:27 +0300
Hi all,

I'm trying to understand the rules changelog: i.e., this page - http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_0/changes-2011-09-13.html

1. Does every line actually stand for a new, unique IPS solution addressing the vulnerability described (under the 'New Rules')?
2. In the 'Modified Rules' section, are these existing rules that have been improved?
3. Some of the rules address the same issues, with a slight difference, for instance:

* 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
* 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)

Again, do they stand for an individual solution or are they two parts of the same protection?

Maybe I'm missing the entire concept of the rules system, I'd appreciate it if you could help me understand it a little better.

Thanks,
BB