|
|
Re: Allaplw Trojan Sig: msg#00117security.ids.snort.bleedingsnort
On Mon, 2007-01-15 at 14:12 -0500, Matt Jonkman wrote: > I did something similar, and spread it out to 2 sigs to get in and out. > > http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/sigs/VIRUS/WORM_Allaple?view=markup > > That what you had in mind? Good. I was about to say, you should optimize it so that the type and code checks are done before the content check. Remember, faster option checks first. Cheers, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
Bleeding-sigs mailing list Bleeding-sigs-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Error With Flowbit dce.bind.netware_cs: 00117, Bamm Visscher |
|---|---|
| Next by Date: | Re: Allaplw Trojan Sig: 00117, M. Shirk |
| Previous by Thread: | Re: Allaplw Trojan Sigi: 00117, Matt Jonkman |
| Next by Thread: | Re: Allaplw Trojan Sig: 00117, M. Shirk |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |
