[unisog] Snort woes

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Jan 24 08:51:36 GMT 2005


On Mon, 24 Jan 2005 17:35:22 +1300, Russell Fulton said:

> SID     CID     TimeStamp               Signature
> 4       164508  2005-01-24 16:53:31     BLEEDING-EDGE Malware Fun Web
> Products Agent Traffic

> the rule triggers on content:"FunWebProducts\;"
> 
> This particular rule is very prone to the problem but I see others as
> well including snort.org rules.

Could you please post the definition of that rule?  It's hard to figure out
what it's problem is if we don't have the rule handy  (or at least I can't
intuit it at 3:51AM without the rule.. :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050124/54092c4b/attachment-0002.bin


More information about the unisog mailing list