Snort mailing list archives
Re: Missing SID information on Snort site
From: MA Bel <mab_generic () outlook com>
Date: Wed, 8 May 2013 19:24:15 +0000
Again... SID 21545 is also missing. I found this link, which points to a disabled rule (which I have enabled).

http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_2/changes-2012-03-08.html

What's the point of leaving a rule in the rules file if the goal is to never use it? Correct me if I'm wrong, but this appears to be the motivation behind the removal of the related information page.

From: mab_generic () outlook com
To: snort-sigs () lists sourceforge net
Date: Wed, 8 May 2013 18:14:03 +0000
Subject: [Snort-sigs] Missing SID information on Snort site

Hi,

The following rule was triggered by Snort. The corresponding SID number is 20437. I did a search on the Snort website, no results were returned. This happens from time to time with other SIDs. Does anyone know why the information is missing from the Snort website?

alert tcp $EXTERNAL_NET any -> $HOME_NET [443,465,587,995,993] (msg:"MALWARE-TOOLS multiple TLSv1 Encrypted Handshake messages - THC-SSL tool, potential DoS"; flow:established,to_server; ssl_state:!client_hello; content:"|16 03 01|"; depth:3; detection_filter:track by_src,count 25, seconds 2; reference:url,www.thc.org/thc-ssl-dos/; classtype:attempted-dos; sid:20437; rev:2;)

/mab

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today!
http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Missing SID information on Snort site MA Bel (May 08)
- Re: Missing SID information on Snort site MA Bel (May 08)
- Re: Missing SID information on Snort site Joel Esler (May 08)
- Re: Missing SID information on Snort site Joel Esler (May 08)
- Re: Missing SID information on Snort site MA Bel (May 08)