Re: Broken 1429.2 (POLICY poll.gotomypc.com access): msg#00040 security.ids.snort.sigs
On Mon, Oct 11, 2004 at 07:58:04PM -0500, Matt Jonkman wrote:
> Wait, spoke too soon. Wasn't aware that snort.org had brought that
> rule in.
>
> The one we have at bleedingsnort was already on the new IP. But if
> the snort folks are going to update we'll take our rule out. Didn't
> know it went over there. Ours is sid 2000309.

Please look at the timestamps of when those rules were added, then correct your statement.

The rule in question was added to Snort's ruleset on November 6th, 2002 at 1:35 PM. (version 1.27 of policy.rules)

Your rule was added June 8th 2004 at 4:13 PM. (version 1.24 of bleeding.rules)

Also note, your rule misses some gotomypc traffic. While the majority of the traffic generated by gotomypc is TCP, at one point in time a UDP client was available.

That's alright, that's ok, <insert some witty statement that a cheerleader might spout out at a football game here>.

Brian