Snort mailing list archives
Re: GPL sig 1313
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 18 Mar 2011 16:10:44 -0400
It's not community. Community's numbers were like 10,000,000 or something sids. It's a discontinued VRT rule. J On Mar 18, 2011, at 4:02 PM, rmkml wrote:
Hi, it's snort community if I remember correctly: rules/porn.rules:alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PORN up skirt"; content:"up skirt"; nocase; flow:to_client,established; classtype:kickass-porn; sid:1313; rev:5;) Regards Rmkml On Fri, 18 Mar 2011, Weir, Jason wrote:Nigel, Oops - my bad, It's part of the GPLs - looks like it came from the ET side... Didn't they use to be distributed with Snort?? -J-----Original Message----- From: Nigel Houghton [mailto:nhoughton () sourcefire com] Sent: Friday, March 18, 2011 1:43 PM To: Weir, Jason Cc: snort-sigs () lists sourceforge net Subject: Re: [Snort-sigs] GPL sig 1313 On Fri, 18 Mar 2011 12:01:47 -0400, Weir, Jason wrote:Seeing what could be a FP on 1313 Here's the data - no "up skirt" that I can see.... -JIs that SID correct? We don't have a rule with that particular SID.------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
-- Joel Esler jesler () sourcefire.com http://blog.snort.org && http://blog.clamav.net Twitter: @snort ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
Current thread:
- GPL sig 1313 Weir, Jason (Mar 18)
- Re: GPL sig 1313 Nigel Houghton (Mar 18)
- Re: GPL sig 1313 Weir, Jason (Mar 18)
- Re: GPL sig 1313 rmkml (Mar 18)
- Re: GPL sig 1313 Joel Esler (Mar 18)
- Re: GPL sig 1313 Weir, Jason (Mar 18)
- Re: GPL sig 1313 Nigel Houghton (Mar 18)