Snort mailing list archives
Re: Confusion about SID 25282
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 4 Dec 2013 13:40:36 +0000
That rule has always been disabled by default in the balanced policy. It, however, has always been in the security policy by default. Regardless of version. -- Joel Esler AEGIS Intelligence Lead OpenSource Manager Vulnerability Research Team, Sourcefire On Dec 4, 2013, at 6:07 AM, Lukas Matt <lukas.matt () sophos com<mailto:lukas.matt () sophos com>> wrote: Hi guys, customer asked for SID 25282 which is disabled in version 2.9.3.1 (see here<http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_3_1/changes-2013-02-05.html>) but not disabled in our current version 2.9.5. Why was the rule only skipped in the previous version? Cheers, Lukas -- Lukas Matt Deep Packet Inspection Researcher, RnD tel: +49-721-25516-322, cell: +49-174-3440-555 Sophos Technology GmbH Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany SOPHOS Security made simple --- Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658 Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Confusion about SID 25282 Lukas Matt (Dec 04)
- Re: Confusion about SID 25282 Joel Esler (jesler) (Dec 04)