Snort mailing list archives
Re: Missing SID information on Snort site
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 8 May 2013 16:38:07 -0400
On May 8, 2013, at 2:14 PM, MA Bel <mab_generic () outlook com> wrote:
The following rule was triggered by Snort. The corresponding SID number is 20437. I did a search on the Snort website, no results were returned. This happens from time to time with other SIDs. Does anyone know why the information is missing from the Snort website? alert tcp $EXTERNAL_NET any -> $HOME_NET [443,465,587,995,993] (msg:"MALWARE-TOOLS multiple TLSv1 Encrypted Handshake messages - THC-SSL tool, potential DoS"; flow:established,to_server; ssl_state:!client_hello; content:"|16 03 01|"; depth:3; detection_filter:track by_src,count 25, seconds 2; reference:url,www.thc.org/thc-ssl-dos/; classtype:attempted-dos; sid:20437; rev:2;)
Unfortunately, the amount of rules we produce does not always equate to the number of docs we publish for each rule. We try very hard to make sure the reference in the rule is always descriptive. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Missing SID information on Snort site MA Bel (May 08)
- Re: Missing SID information on Snort site MA Bel (May 08)
- Re: Missing SID information on Snort site Joel Esler (May 08)
- Re: Missing SID information on Snort site Joel Esler (May 08)
- Re: Missing SID information on Snort site MA Bel (May 08)