Snort mailing list archives
Re: Snort Rules changelog
From: C Granger <chrisgrangerx () gmail com>
Date: Wed, 14 Sep 2011 09:25:02 -0400
Haha it would drive me crazy answering dumb questions like this. They're two different rules that work differently, you filthy monkey! I respond on mailing list yeah

Sent from my iPad

On Sep 14, 2011, at 9:07 AM, uri shalev <dabitter () gmail com> wrote:
Hi all,

I'm trying to understand the rules changelog: i.e., this page - http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_0/changes-2011-09-13.html

Does every line actually stand for a new, unique IPS solution addressing the vulnerability described (under the 'New Rules')?

In the 'Modified Rules' section, are these existing rules that have been improved?

Some of the rules address the same issues, with a slight difference, for instance:

* 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
* 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)

Again, do they stand for an individual solution or are they two parts of the same protection?

Maybe I'm missing the entire concept of the rules system, I'd appreciate it if you could help me understand it a little better.

Thanks,
BB

------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
Learn about the latest advances in developing for the BlackBerry® mobile platform with sessions, labs & more. See new tools and technologies. Register for BlackBerry® DevCon today!
http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort Rules changelog uri shalev (Sep 14)
- Re: Snort Rules changelog Alex Kirk (Sep 14)
- Re: Snort Rules changelog C Granger (Sep 14)
- Re: Snort Rules changelog Joel Esler (Sep 14)
- Re: Snort Rules changelog Chris Granger (Sep 14)
- Re: Snort Rules changelog Joel Esler (Sep 14)