Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] [Snort-sigs] Flowbit dependancy issue

from [Bamm Visscher] Network Security [Permanent Link]
Subject: Re: [Snort-users] [Snort-sigs] Flowbit dependancy issue
Date: Thu, 4 Jan 2007 12:37:19 -0700 
Can you define "shortly". The problem was reported out of band well
before Matt brought it up on list. Are there any work arounds?  Can I
just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
looks like there was a major renaming of flowbits that may have caused
the issue. Do I need to do a work around or do the new rules
associated with dce.bind.ISystemActivator give me the same coverage?

Bammkkkk


On 12/21/06, Matthew Watchinski <mwatchinski@sourcefire.com> wrote:

Clean ups for this warning will be out shortly.

Cheers,
-matt

Matt Jonkman wrote:

Using the new version of oinkmaster that's doing more detailed flowbit
dependancy checking:

WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule
WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind" which
is not set in any rule

I can't find the sig that's supposed to set that. That kills some good
rules. Anyone know where it went?

Matt




-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] CN=Marty Bostick/OU=IS/O=PLC is out of the office., M. Shirk
Next by Date:  [Snort-sigs] Sourcefire VRT Certified Rules Update, Sourcefire VRT
Previous by Thread:  [Snort-sigs] CN=Marty Bostick/OU=IS/O=PLC is out of the office., Marty . Bostick
Next by Thread:  Re: [Snort-users] [Snort-sigs] Flowbit dependancy issue, Bamm Visscher
Indexes:  [Date] [Thread] [Top] [All Lists]