Snort mailing list archives
historical rule information?
From: "Miller - CDLE, Michael" <michael.miller () state co us>
Date: Thu, 18 Apr 2013 09:55:32 -0600
I'm hunting down a rule that's generating a LOT of traffic on our network and was wondering if there were a wiki or history of rules to see what the thinking was behind them. Specifically, I'm alerting on

[3:15474:5] BAD-TRAFFIC Microsoft ISA Server and Forefront Threat Management Gateway invalid RST denial of service attempt [Classification: Attempted Denial of Service]

There are two ISA servers on that network, and they've been patched according to the KB article referenced in the rule detail (http://technet.microsoft.com/en-us/security/bulletin/MS09-016), but the alerts are still being generated.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- historical rule information? Miller - CDLE, Michael (Apr 18)
- Re: historical rule information? Patrick Mullen (Apr 18)
- Re: historical rule information? Miller - CDLE, Michael (Apr 18)
- Re: historical rule information? Patrick Mullen (Apr 18)