Snort mailing list archives

Re: Missing SID information on Snort site


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 May 2013 16:38:07 -0400

On May 8, 2013, at 2:14 PM, MA Bel <mab_generic () outlook com> wrote:

> The following rule was triggered by Snort. The corresponding SID number is 20437. I did a search on the Snort
> website, no results were returned. This happens from time to time with other SIDs. Does anyone know why the
> information is missing from the Snort website?
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET [443,465,587,995,993] (msg:"MALWARE-TOOLS multiple TLSv1 Encrypted Handshake messages - THC-SSL tool, potential DoS"; flow:established,to_server; ssl_state:!client_hello; content:"|16 03 01|"; depth:3; detection_filter:track by_src,count 25, seconds 2; reference:url,www.thc.org/thc-ssl-dos/; classtype:attempted-dos; sid:20437; rev:2;)

Unfortunately, the amount of rules we produce does not always equate to the number of docs we publish for each rule.  
We try very hard to make sure the reference in the rule is always descriptive.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
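
Added example, not part of the original thread and not Sourcefire/VRT code: when a SID has no documentation page, the rule text itself still carries the triage details (msg, reference, classtype, detection_filter). This Python sketch extracts them from the rule quoted above; the function names are hypothetical, and expanding `reference:url,` with an `http://` prefix is an assumption based on Snort's stock reference.config.

```python
import re

# The rule quoted in the thread, rejoined onto one logical line.
RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET [443,465,587,995,993] '
    '(msg:"MALWARE-TOOLS multiple TLSv1 Encrypted Handshake messages - '
    'THC-SSL tool, potential DoS"; flow:established,to_server; '
    'ssl_state:!client_hello; content:"|16 03 01|"; depth:3; '
    'detection_filter:track by_src,count 25, seconds 2; '
    'reference:url,www.thc.org/thc-ssl-dos/; '
    'classtype:attempted-dos; sid:20437; rev:2;)'
)

def split_options(body):
    """Split rule options on ';', ignoring ';' inside quotes or after a backslash."""
    opts, cur, quoted, escaped = [], "", False, False
    for ch in body + ";":
        if ch == ";" and not quoted and not escaped:
            if cur.strip():
                opts.append(cur.strip())
            cur = ""
            continue
        quoted ^= (ch == '"' and not escaped)
        escaped = (ch == "\\" and not escaped)
        cur += ch
    return opts

def summarize(rule):
    """Return the fields an analyst needs to triage an alert for this rule."""
    header, body = re.match(r"^(.*?)\s*\((.*)\)\s*$", rule, re.S).groups()
    action, proto, _src, _sport, _dir, _dst, dport = header.split()
    info = {"action": action, "proto": proto,
            "dst_ports": dport.strip("[]").split(","), "references": []}
    for opt in split_options(body):
        key, _, val = (part.strip() for part in opt.partition(":"))
        if key == "reference":
            scheme, _, ref = val.partition(",")
            # Assumption: 'url' references expand with an http:// prefix.
            info["references"].append(
                "http://" + ref if scheme == "url" else f"{scheme}:{ref}")
        elif key == "detection_filter":
            m = re.search(r"count\s+(\d+)\s*,\s*seconds\s+(\d+)", val)
            info["threshold"] = (int(m.group(1)), int(m.group(2)))
        elif key in ("msg", "classtype", "sid", "rev"):
            info[key] = val.strip('"')
    return info

if __name__ == "__main__":
    for field, value in summarize(RULE).items():
        print(f"{field}: {value}")
```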

