The idea that of attaching the name of the author is very good :
- better doc
- better references
- improvement of the rules
- narcissistic profit
However, there is a very important drawback. It is spammer visibility.
I currently receive 30 spam the day.
It seems to me that we should consider this point before to add these
author references in the rules
Perhaps the reference could be only a http reference (an anchor) on a
single
web page that will give the mail adress in a protected way (there is a
lot of method
that disallow spammers to extract the mail adress too easily).
Ciao,
Thierry
Brian wrote:
On Wed, Nov 03, 2004 at 06:15:51PM -0500, Jason wrote:
I am against overloading the rules language at all and would prefer that
meta data be kept out of rules completely however why not use something
like
reference:url,mailto://bmc@snort.org
Which would output:
http://mailto://bmc@snort.org
Thats not a valid URL, last I checked.
If you wanted to add it as a reference, use this:
config reference: author mailto:
alert tcp any any -> any any (reference:author,bmc@snort.org;)
Brian
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
