NOTE: This is the first Community rulepack which uses
community-sid-msg.map, instead of the previous sid-msg.map. This change
is being made in response to requests from numerous users of the
Community rules, in order to make management of multiple rulesets
simpler. If you have any questions about this new naming scheme, please
e-mail research@sourcefire.com, and we will address them as best we can.
This message is to announce the availability of an update for the
Sourcefire community rule set, which can be downloaded free of cost or
registration from http://www.snort.org/pub-bin/downloads.cgi.
New rules in this release are identified as SIDs 100000196-100000198.
These rules detect a directory traversal attack against the Qualcomm
Worldmail server, ICMP messages with invalid codes, and scans performed
by an NTP-based OS fingerprinting tool.
Sourcefire would like to thank rmkml for submitting these rules. As a
reminder, anyone who wishes to submit rules may do so at
http://www.snort.org/reg-bin/rulesubmit.cgi.
A list of new rules and their SIDs follows.
Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.
100000196 || COMMUNITY IMAP Qualcomm WorldMail SELECT dot dot attempt
100000197 || COMMUNITY ICMP undefined code
100000198 || COMMUNITY MISC Ntp fingerprint detect
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
