
RE: [Snort-sigs] Issue with rule sid 255

From: Geoff Craig <GCraig(at)quilogy.com>
Date: Fri Apr 25 2003 - 11:37:08 EDT


Hey Brian,

I have had this same issue with Snort versions 1.8.7, 1.9.1, and now 2.0.0. I am running Snort on a Windows 2000 Server and am getting all other relevant alerts. As soon as I made the modification to the rule I started getting alerts for it as well.

PS Should we continue this discussion off list?

Geoff Craig
Infrastructure Architect
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world.

-----Original Message-----
From: Brian [mailto:bmc@snort.org]
Sent: Friday, April 25, 2003 10:46 AM
To: Geoff Craig
Cc: snort-sigs@lists.sourceforge.net

On Fri, Apr 25, 2003 at 08:53:43AM -0500, Geoff Craig wrote:
> Attached are two windump files (I set the snaplen to 1500). I totally
> DNS
> servers here. *wink*
>
> PS The dumps are from a lab so you will see IP's etc.

Uh, these alerted just fine in snort 2.0 with the default rule (that included offsets). Can you upgrade to 2.0 and see if you still have the issue?

-brian




Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Fri Apr 25 12:08:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:27 EDT

