Snort mailing list archives
Who looks after the rules?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 27 Sep 2001 16:15:39 +1200
Is there someone to send bug reports to about the rules?

I've just started seeing false alerts on "X11 outgoing", and it's another case of the rule being too generalised. It's looking for:

    alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET any (msg:"X11 outgoing"; flags: SA; reference:arachnids,126; classtype:unknown; sid:1227; rev:1;)

when

    alert tcp $EXTERNAL_NET 6000:6005 -> $HOME_NET 1024: (msg:"X11 outgoing"; flags: SA; reference:arachnids,126; classtype:unknown; sid:1227; rev:1;)

would be better.

--
Cheers

Jason Haar
Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
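The difference between the two rule headers quoted in the message above, as an added example that is not part of the original post or of Snort itself. It evaluates both port specifications over constructed packets; the HOME_NET value and the sample traffic are assumptions, and `flags: SA` is treated as an exact match on SYN+ACK.

```python
import ipaddress
from collections import namedtuple

# Assumed value for illustration; the post does not say what $HOME_NET is.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

Packet = namedtuple("Packet", "src sport dst dport flags")

def port_match(spec, port):
    """Snort port spec: 'any', 'N', 'lo:hi', 'lo:' or ':hi' (inclusive)."""
    if spec == "any":
        return True
    if ":" not in spec:
        return port == int(spec)
    lo, hi = spec.split(":")
    return int(lo or 0) <= port <= int(hi or 65535)

def rule_match(pkt, sport_spec, dport_spec, flags="SA"):
    """Header check for: alert tcp $EXTERNAL_NET <sport> -> $HOME_NET <dport>
    with 'flags: SA' treated as an exact match on the flag set."""
    external_src = ipaddress.ip_address(pkt.src) not in HOME_NET
    home_dst = ipaddress.ip_address(pkt.dst) in HOME_NET
    return (external_src and home_dst
            and port_match(sport_spec, pkt.sport)
            and port_match(dport_spec, pkt.dport)
            and set(pkt.flags) == set(flags))

def compare(packets):
    """Return (original, proposed) verdicts per packet for sid 1227."""
    return [(rule_match(p, "6000:6005", "any"),
             rule_match(p, "6000:6005", "1024:")) for p in packets]

# Constructed sample traffic (not from the post).
SAMPLE = [
    Packet("198.51.100.7", 6000, "192.0.2.10", 40112, "SA"),  # SYN/ACK to high port
    Packet("198.51.100.7", 6001, "192.0.2.10", 1023, "SA"),   # SYN/ACK to low port
    Packet("198.51.100.7", 6000, "192.0.2.10", 40112, "A"),   # plain ACK
    Packet("198.51.100.7", 6010, "192.0.2.10", 40112, "SA"),  # outside 6000:6005
]

if __name__ == "__main__":
    for pkt, (orig, new) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "original:", orig, "proposed:", new)
```

Only the second sample packet separates the two versions: the original header alerts on it, the proposed `1024:` header does not.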