Re: gen-msg.map missing some SIDs for dcerpc2

[waldo kitty <wkitty42 () windstream net>]

On 11/22/2012 15:42, Jeremy Hoel wrote:
> OK then.. so what are the binary rules that come in the vrt download?

those are shared object rules... they are GID 3 so their GID:SID is 
3:xxx:rev#... where xxx is the SID specified in the rule and rev$ is the 
revision number also specified in the rule...

> And in re guards to dcerpce2 missing sigs?

dcrep2 is handled in a preprocessor... there may be GID 1 and/or GID 3 rules 
which are also triggered by data that the dcrep2 proprocessor decodes and/or 
otherwise handles...

> 133:50 for example?

that one is from a preprocessor... the dcrep2 preprocessor to be exact... this 
is not a shared object (GID 3 *.so) rule nor is it a GID 1 plain text rule...

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!