logo       
<prev   next>

Identical rules: msg#00185

security.ids.snort.sigs

Subject: Identical rules

Question... Rule 718

alert tcp $TELNET_SERVERS 23 -> $EXTERNAL_NET any (msg:"TELNET login
incorrect"; flow:from_server,established; content:"Login incorrect";
reference:arachnids,127; classtype:bad-unknown; sid:718; rev:7;)

And rule 1251

alert tcp $HOME_NET 23 -> $EXTERNAL_NET any (msg:"INFO TELNET Bad
Login"; flow:from_server,established; content:"Login incorrect"; nocase;
classtype:bad-unknown; sid:1251; rev:6;)

Wouldn't it be easier to remove #718?

Joel


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88&alloc_id065&op=click
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bleedingsnort.com Daily Update: 00185, Matt Jonkman
Next by Date:  Bleedingsnort.com Daily Update: 00185, matt
Previous by Thread:  False positive alert: sid:2570i: 00185, Michael Schwartzkopff
Next by Thread:  False Positive with SID 2329 "MS-SQL probe response overflow attempt": 00185, Joerg Weber
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise