Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset)

From: Jeff Kell <jeff-kell () utc edu>
Date: Sun, 6 Oct 2013 23:41:09 -0400
On 10/6/2013 11:37 PM, Joel Esler wrote:

On Oct 4, 2013, at 11:37 PM, nicenate () verizon net wrote:

In the case of this rule we just have not seen any current discussion for this rule.  We are asking here if anyone 
knows more about why this rule has been placed back into the VRT snort rule set.
Thank you for asking. This wasn't "placed back" into the ruleset, it seems as if we didn't cover this particular 
piece of the traffic to begin with, so while the references are from 2008, it's still a relevant rule. 


Got to cover those test suites :)  Useless otherwise, but makes the test
suite results look better :)

Jeff


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: