The s///g will most likely work, but I haven't tested it. Additional
changes, other than the flowbit name, were made to these rules in the
2007-01-04 rule release.
-matt
Bamm Visscher wrote:
Yes, but that won't hit everyone for 30 days per the new license. Any
way you can clarify what happened and what those that don't pay for a
subscription can do?
Bammkkkk
On 1/8/07, Matthew Watchinski <mwatchinski@sourcefire.com> wrote:
This flowbit was updated in the 2007-01-04 rule release.
Cheers,
-matt
Bamm Visscher wrote:
*crickets* ??
On 1/4/07, Bamm Visscher <bamm.visscher@gmail.com> wrote:
Can you define "shortly". The problem was reported out of band well
before Matt brought it up on list. Are there any work arounds? Can I
just s/dce.isystemactivator.bind/dce.bind.ISystemActivator/g as it
looks like there was a major renaming of flowbits that may have caused
the issue. Do I need to do a work around or do the new rules
associated with dce.bind.ISystemActivator give me the same coverage?
Bammkkkk
On 12/21/06, Matthew Watchinski <mwatchinski@sourcefire.com> wrote:
Clean ups for this warning will be out shortly.
Cheers,
-matt
Matt Jonkman wrote:
Using the new version of oinkmaster that's doing more detailed
flowbit
dependancy checking:
WARNING: SID 3431 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3436 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3428 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3435 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3425 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3433 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3430 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3439 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3429 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3427 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3437 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3434 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3440 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3426 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3432 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
WARNING: SID 3438 depends on flowbit "dce.isystemactivator.bind"
which
is not set in any rule
I can't find the sig that's supposed to set that. That kills some
good
rules. Anyone know where it went?
Matt
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to
share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
--
sguil - The Analyst Console for NSM
http://sguil.sf.net
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
