Snort mailing list archives
Re: More poorly performing GID 3 rules....
From: "Perry, Brian" <Brian.Perry () phns com>
Date: Thu, 04 Feb 2010 07:55:03 -0600
Patrick Mullen <pmullen () sourcefire com> wrote:

Actually, both of those rules are open source if you want to look at their source code.

bad-traffic_pgm-nak-overflow.c
p2p_winny.c

Not all SO rules are closed source. Many SO rules are C code because they do much more than the standard rules library allows; despite popular opinion, rules aren't compiled only to obfuscate the detection. :)

Hope this helps,

~Patrick

On Wed, Feb 3, 2010 at 12:49 PM, Guise McAllaster <guise.mcallaster () gmail com> wrote:

More poorly performing GID 3 rules that I cannot understand without reversing because they are compiled and the source is not released.

7019 - P2P WinNY connection attempt
8351 - BAD-TRAFFIC PGM nak list overflow attempt

Srsly, is there any good reason these are protected by closed source? Maybe I can understand 8351 if it is part of your deal with MS but WinNY??? And don't get me started on the SMB hogs....

Guise

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs