Re: [Snort-users] Duplicate SIDs recently?
From: Andreas Östling (andreaso it.su.se)
Date: Mon Sep 26 2005 - 00:21:03 CDT
On Sun, 25 Sep 2005, Jeff Kell wrote:
> My last oinkmaster cycle (and retries since) have flagged duplicates with
> sourcefire sids:
...
> Grepping on SIDs I can't find any duplicates, making me think it's a goof in
> the downloaded packages. I'm using snort-2.4 rules plus current bleeding.
> Anyone else having this issue?
> Jeff
FYI, when Oinkmaster finds duplicate SIDs in the downloaded package it
will keep the one with the highest 'rev' and discard the other(s),
that's why you can't find any duplicates when grepping the result.
It would be nice if Sourcefire did some simple automated check so
duplicate SIDs never get published in the first place though.
/Andreas
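
The kind of automated duplicate-SID check suggested above could look like the following. This is an added example, not part of the original message and not Oinkmaster's or Sourcefire's code; the file names, rules and SIDs are constructed, and treating a missing `rev` as 0 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample standing in for two files of a downloaded rules package.
SAMPLE_FILES = {
    "web-misc.rules":
        'alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000001; rev:2;)\n'
        '# alert tcp any any -> any 80 (msg:"disabled"; sid:1000002; rev:1;)\n',
    "exploit.rules":
        'alert tcp any any -> any 80 (msg:"constructed A, newer"; \\\n'
        '    content:"a"; sid:1000001; rev:3;)\n'
        'alert udp any any -> any 53 (msg:"constructed B"; sid:1000003; rev:1;)\n',
}

RULE_RE = re.compile(r"^(alert|log|pass|drop|reject|sdrop|activate|dynamic)\s")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def iter_rules(text):
    """Yield active (uncommented) rules, joining backslash-continued lines."""
    pending = ""
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if RULE_RE.match(line):
            yield line

def find_duplicate_sids(files):
    """Map each SID used by more than one rule to [(rev, file), ...], highest rev first."""
    seen = defaultdict(list)
    for name, text in files.items():
        for rule in iter_rules(text):
            sid, rev = SID_RE.search(rule), REV_RE.search(rule)
            if sid:
                # Assumption: a rule without a rev option is treated as rev 0.
                seen[int(sid.group(1))].append((int(rev.group(1)) if rev else 0, name))
    return {s: sorted(h, reverse=True) for s, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    for sid, hits in sorted(find_duplicate_sids(SAMPLE_FILES).items()):
        kept, *dropped = hits  # the highest rev is the copy that would be kept
        print(f"duplicate sid {sid}: keep rev {kept[0]} ({kept[1]}), drop {dropped}")
```

Run against the unpacked package before it is merged, a non-empty result shows which file carries the stale copy, information that is no longer visible once only the highest `rev` remains.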