Re: [Snort-sigs] Error With Flowbit dce.bind.netware_cs

Forwarded for the benefit of the list and in case others are wondering
about the resolution.

Bammkkkk


On 1/15/07, Matthew Watchinski <mwatchinski@sourcefire.com> wrote:
> Actually it's a cheater way to disable a set of rules. We'll be
> disabling them all during the next rule re-gen.
>
> Additionally they are disabled because they affect the netware_cs client
> which isn't enabled by default, and config:ac-bnfa isn't on by default
> yet. ( I dislike 2gig of memory default policy start ups also )
>
> Cheers,
> -matt
>
> Bamm Visscher wrote:
> > The latest registered users rule pack
> > (snortrules-snapshot-CURRENT.tar.gz), released 2006-12-15, appears to
> > contain an error.  Sid 4583 that sets the flowbit: dce.bind.netware_cs
> > has been disabled (commented out) while a number of rules that are
> > dependant on the flowbit remain enabled by default.
> >
> > Is there a reason why sid 4583 is no longer on by default?  If the
> > signature is no longer needed, then the other rules with the
> > dce.bind.netware_cs dependancy should be disabled by default too. It
> > is my understanding the only negative effect this error will cause is
> > a slightly slow initial load time of snort and some unrequired memory
> > use. This of course assumes that those rules are meant to be
> > depreciated.
> >
> > Bammkkkk
> >
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > WARNING: SID 9234 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9234 is broken unless you also enable SID 4583).
> > WARNING: SID 9282 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9282 is broken unless you also enable SID 4583).
> > WARNING: SID 9208 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9208 is broken unless you also enable SID 4583).
> > WARNING: SID 9176 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9176 is broken unless you also enable SID 4583).
> > WARNING: SID 9276 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9276 is broken unless you also enable SID 4583).
> > WARNING: SID 9219 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9219 is broken unless you also enable SID 4583).
> > WARNING: SID 9191 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9191 is broken unless you also enable SID 4583).
> > WARNING: SID 9232 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9232 is broken unless you also enable SID 4583).
> > WARNING: SID 9312 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9312 is broken unless you also enable SID 4583).
> > WARNING: SID 9138 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9138 is broken unless you also enable SID 4583).
> > WARNING: SID 9290 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9290 is broken unless you also enable SID 4583).
> > WARNING: SID 9197 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9197 is broken unless you also enable SID 4583).
> > WARNING: SID 9161 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9161 is broken unless you also enable SID 4583).
> > WARNING: SID 9268 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9268 is broken unless you also enable SID 4583).
> > WARNING: SID 9198 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9198 is broken unless you also enable SID 4583).
> > WARNING: SID 9149 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9149 is broken unless you also enable SID 4583).
> > WARNING: SID 9274 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9274 is broken unless you also enable SID 4583).
> > WARNING: SID 9223 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9223 is broken unless you also enable SID 4583).
> > WARNING: SID 9266 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9266 is broken unless you also enable SID 4583).
> > WARNING: SID 9309 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9309 is broken unless you also enable SID 4583).
> > WARNING: SID 9284 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9284 is broken unless you also enable SID 4583).
> > WARNING: SID 9228 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9228 is broken unless you also enable SID 4583).
> > WARNING: SID 9206 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9206 is broken unless you also enable SID 4583).
> > WARNING: SID 9133 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9133 is broken unless you also enable SID 4583).
> > WARNING: SID 9297 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9297 is broken unless you also enable SID 4583).
> > WARNING: SID 9237 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9237 is broken unless you also enable SID 4583).
> > WARNING: SID 9314 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9314 is broken unless you also enable SID 4583).
> > WARNING: SID 9188 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9188 is broken unless you also enable SID 4583).
> > WARNING: SID 9310 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9310 is broken unless you also enable SID 4583).
> > WARNING: SID 9323 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9323 is broken unless you also enable SID 4583).
> > WARNING: SID 9157 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9157 is broken unless you also enable SID 4583).
> > WARNING: SID 9183 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9183 is broken unless you also enable SID 4583).
> > WARNING: SID 9225 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9225 is broken unless you also enable SID 4583).
> > WARNING: SID 9272 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9272 is broken unless you also enable SID 4583).
> > WARNING: SID 9251 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9251 is broken unless you also enable SID 4583).
> > WARNING: SID 9147 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9147 is broken unless you also enable SID 4583).
> > WARNING: SID 9286 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9286 is broken unless you also enable SID 4583).
> > WARNING: SID 9171 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9171 is broken unless you also enable SID 4583).
> > WARNING: SID 9185 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9185 is broken unless you also enable SID 4583).
> > WARNING: SID 9230 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9230 is broken unless you also enable SID 4583).
> > WARNING: SID 9264 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9264 is broken unless you also enable SID 4583).
> > WARNING: SID 9306 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9306 is broken unless you also enable SID 4583).
> > WARNING: SID 9160 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9160 is broken unless you also enable SID 4583).
> > WARNING: SID 9195 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9195 is broken unless you also enable SID 4583).
> > WARNING: SID 9316 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9316 is broken unless you also enable SID 4583).
> > WARNING: SID 9178 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9178 is broken unless you also enable SID 4583).
> > WARNING: SID 9159 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9159 is broken unless you also enable SID 4583).
> > WARNING: SID 9239 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9239 is broken unless you also enable SID 4583).
> > WARNING: SID 9134 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9134 is broken unless you also enable SID 4583).
> > WARNING: SID 9281 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9281 is broken unless you also enable SID 4583).
> > WARNING: SID 9145 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9145 is broken unless you also enable SID 4583).
> > WARNING: SID 9320 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9320 is broken unless you also enable SID 4583).
> > WARNING: SID 9258 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9258 is broken unless you also enable SID 4583).
> > WARNING: SID 9181 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9181 is broken unless you also enable SID 4583).
> > WARNING: SID 9318 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9318 is broken unless you also enable SID 4583).
> > WARNING: SID 9270 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9270 is broken unless you also enable SID 4583).
> > WARNING: SID 9227 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9227 is broken unless you also enable SID 4583).
> > WARNING: SID 9233 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9233 is broken unless you also enable SID 4583).
> > WARNING: SID 9218 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9218 is broken unless you also enable SID 4583).
> > WARNING: SID 9313 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9313 is broken unless you also enable SID 4583).
> > WARNING: SID 9226 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9226 is broken unless you also enable SID 4583).
> > WARNING: SID 9199 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9199 is broken unless you also enable SID 4583).
> > WARNING: SID 9263 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9263 is broken unless you also enable SID 4583).
> > WARNING: SID 9180 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9180 is broken unless you also enable SID 4583).
> > WARNING: SID 9279 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9279 is broken unless you also enable SID 4583).
> > WARNING: SID 9136 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9136 is broken unless you also enable SID 4583).
> > WARNING: SID 9143 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9143 is broken unless you also enable SID 4583).
> > WARNING: SID 9173 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9173 is broken unless you also enable SID 4583).
> > WARNING: SID 9283 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9283 is broken unless you also enable SID 4583).
> > WARNING: SID 9222 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9222 is broken unless you also enable SID 4583).
> > WARNING: SID 9207 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9207 is broken unless you also enable SID 4583).
> > WARNING: SID 9220 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9220 is broken unless you also enable SID 4583).
> > WARNING: SID 9315 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9315 is broken unless you also enable SID 4583).
> > WARNING: SID 9231 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9231 is broken unless you also enable SID 4583).
> > WARNING: SID 9236 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9236 is broken unless you also enable SID 4583).
> > WARNING: SID 9140 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9140 is broken unless you also enable SID 4583).
> > WARNING: SID 9249 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9249 is broken unless you also enable SID 4583).
> > WARNING: SID 9311 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9311 is broken unless you also enable SID 4583).
> > WARNING: SID 9267 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9267 is broken unless you also enable SID 4583).
> > WARNING: SID 9261 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9261 is broken unless you also enable SID 4583).
> > WARNING: SID 9196 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9196 is broken unless you also enable SID 4583).
> > WARNING: SID 9285 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9285 is broken unless you also enable SID 4583).
> > WARNING: SID 9148 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9148 is broken unless you also enable SID 4583).
> > WARNING: SID 9277 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9277 is broken unless you also enable SID 4583).
> > WARNING: SID 9162 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9162 is broken unless you also enable SID 4583).
> > WARNING: SID 9150 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9150 is broken unless you also enable SID 4583).
> > WARNING: SID 9170 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9170 is broken unless you also enable SID 4583).
> > WARNING: SID 9235 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9235 is broken unless you also enable SID 4583).
> > WARNING: SID 9175 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9175 is broken unless you also enable SID 4583).
> > WARNING: SID 9229 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9229 is broken unless you also enable SID 4583).
> > WARNING: SID 9205 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9205 is broken unless you also enable SID 4583).
> > WARNING: SID 9132 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9132 is broken unless you also enable SID 4583).
> > WARNING: SID 9186 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9186 is broken unless you also enable SID 4583).
> > WARNING: SID 9177 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9177 is broken unless you also enable SID 4583).
> > WARNING: SID 9317 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9317 is broken unless you also enable SID 4583).
> > WARNING: SID 9299 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9299 is broken unless you also enable SID 4583).
> > WARNING: SID 9322 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9322 is broken unless you also enable SID 4583).
> > WARNING: SID 9257 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9257 is broken unless you also enable SID 4583).
> > WARNING: SID 9224 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9224 is broken unless you also enable SID 4583).
> > WARNING: SID 9273 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9273 is broken unless you also enable SID 4583).
> > WARNING: SID 9275 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9275 is broken unless you also enable SID 4583).
> > WARNING: SID 9280 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9280 is broken unless you also enable SID 4583).
> > WARNING: SID 9151 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9151 is broken unless you also enable SID 4583).
> > WARNING: SID 9221 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9221 is broken unless you also enable SID 4583).
> > WARNING: SID 9158 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9158 is broken unless you also enable SID 4583).
> > WARNING: SID 9287 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9287 is broken unless you also enable SID 4583).
> > WARNING: SID 9269 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9269 is broken unless you also enable SID 4583).
> > WARNING: SID 9238 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9238 is broken unless you also enable SID 4583).
> > WARNING: SID 9146 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9146 is broken unless you also enable SID 4583).
> > WARNING: SID 9172 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9172 is broken unless you also enable SID 4583).
> > WARNING: SID 9135 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9135 is broken unless you also enable SID 4583).
> > WARNING: SID 9137 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9137 is broken unless you also enable SID 4583).
> > WARNING: SID 9278 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9278 is broken unless you also enable SID 4583).
> > WARNING: SID 9319 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9319 is broken unless you also enable SID 4583).
> > WARNING: SID 9194 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9194 is broken unless you also enable SID 4583).
> > WARNING: SID 9262 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9262 is broken unless you also enable SID 4583).
> > WARNING: SID 9174 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9174 is broken unless you also enable SID 4583).
> > WARNING: SID 9182 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9182 is broken unless you also enable SID 4583).
> > WARNING: SID 9209 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9209 is broken unless you also enable SID 4583).
> > WARNING: SID 9321 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9321 is broken unless you also enable SID 4583).
> > WARNING: SID 9184 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9184 is broken unless you also enable SID 4583).
> > WARNING: SID 9179 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9179 is broken unless you also enable SID 4583).
> > WARNING: SID 9193 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9193 is broken unless you also enable SID 4583).
> > WARNING: SID 9271 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9271 is broken unless you also enable SID 4583).
> > WARNING: SID 9305 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9305 is broken unless you also enable SID 4583).
> > WARNING: SID 9242 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9242 is broken unless you also enable SID 4583).
> > WARNING: SID 9210 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9210 is broken unless you also enable SID 4583).
> > WARNING: SID 9265 depends on flowbit "dce.bind.netware_cs" which is set in 
> > INACTIVE SID 4583 (SID 9265 is broken unless you also enable SID 4583).


-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs