Snort mailing list archives

Snort Rules changelog


From: uri shalev <dabitter () gmail com>
Date: Wed, 14 Sep 2011 16:07:27 +0300

Hi all,
I'm trying to understand the rules changelog:
i.e., this page -
http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_0/changes-2011-09-13.html

   1. Does every line actually stand for a new, unique IPS solution
   addressing the vulnerability described (under 'New Rules')?
   2. In the 'Modified Rules' section, are these existing rules that have
   been improved?
   3. Some of the rules address the same issues, with a slight difference,
   for instance:

 * 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
 * 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)


Again, do they stand for an individual solution or are they two parts of the
same protection?
Maybe I'm missing the entire concept of the rules system; I'd appreciate it
if you could help me understand it a little better.

Thanks,
BB
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

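The changelog lines quoted in the post above follow one fixed shape: generator ID and signature ID (gid:sid), the rule's state, the rule message, and the rule file in parentheses. In Snort a rule is identified by its gid:sid, so two lines with different SIDs (such as 1:20096 and 1:20097) are two distinct rules, even when their messages name the same malware. The parser below, an added example and not code from the Snort project or the mailing-list post, extracts those fields and groups entries whose messages share a leading prefix (category plus malware name), which makes such rule families visible at a glance. The sample input is constructed from the two entries quoted in the post, re-joined onto single lines where the list archive wrapped them; the regular expression and the prefix length of three words are assumptions chosen to fit those lines.

```python
import re
from collections import defaultdict

# Constructed sample input: the two entries quoted in the post, one per line.
# Archive line-wrapping has been undone so each entry is a single line.
CHANGELOG = """\
 * 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
 * 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)
"""

# Assumed line format: " * gid:sid <-> STATE <-> message (rulefile.rules)".
ENTRY_RE = re.compile(
    r"^\s*\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<file>[^()]+\.rules)\)\s*$"
)


def parse_changelog(text):
    """Return one dict per well-formed changelog entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["gid"] = int(entry["gid"])
        entry["sid"] = int(entry["sid"])
        entries.append(entry)
    return entries


def rule_id(entry):
    """The identity of a Snort rule is its gid:sid pair."""
    return f"{entry['gid']}:{entry['sid']}"


def group_by_family(entries, words=3):
    """Group entries by the first `words` tokens of the message.

    For VRT-style messages that prefix is category plus malware name
    (e.g. "BOTNET-CNC Trojan Win32.Agent.dcir"); the choice of three words
    is an assumption that fits the sample above.
    """
    groups = defaultdict(list)
    for entry in entries:
        key = " ".join(entry["msg"].split()[:words])
        groups[key].append(rule_id(entry))
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_changelog(CHANGELOG)
    for family, ids in group_by_family(parsed).items():
        # Each family lists the distinct rules that cover it.
        print(f"{family}: {len(ids)} rules -> {', '.join(ids)}")
```

Running it prints one family, `BOTNET-CNC Trojan Win32.Agent.dcir`, with two rule IDs, showing that the pair in the post are separate rules that happen to cover the same malware from different directions of traffic.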