[Emerging-Sigs] Duplicate Sig in bleeding-rbn
Reg Quinton
reggers at ist.uwaterloo.ca
Mon Jan 7 08:10:38 EST 2008

Bleeding-rbn.rules as retrieved from emerging threats Sat thru Mon has a sig
duplicate (and snort dies). I've commented out as follows:

[8:06am dominic] grep 2406003 bleeding-rbn.rules
# De-Dupe, error # alert ip [200.115.160/20] any -> $HOME_NET any
(msg:"BLEEDING-EDGE RBN Known Russian Business Network Traffic - Central
American Nets";
reference:url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork;
threshold:type limit, track by_src, seconds 60, count 1; sid:2406003;
rev:1;)
# De-Dupe, error # alert ip [72.232.197.83] any -> $HOME_NET any
(msg:"BLEEDING-EDGE RBN Known Russian Business Network Traffic - Known
Trojan C&Cs";
reference:url,doc.bleedingthreats.net/bin/view/Main/RussianBusinessNetwork;
threshold:type limit, track by_src, seconds 60, count 1; sid:2406003;
rev:5;)
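
A check for the condition reported above, as an added example that is not part of the original message or of the Emerging Threats tooling: it lists every sid used by more than one active (uncommented) rule so a downloaded ruleset can be tested before Snort loads it. The function names and the sample rules (documentation addresses, shortened msg text, sid 1000001) are constructed for illustration; only sid 2406003 comes from the post.

```shell
#!/bin/sh
# Added example: report sids that appear on more than one active rule line.

# find_dup_sids FILE...
# Prints "<sid> <count>" for each duplicated sid; returns 1 if any was found.
find_dup_sids() {
    awk '
        /^[ \t]*(#|$)/ { next }         # commented-out rules and blanks are not loaded
        match($0, /sid:[ \t]*[0-9]+[ \t]*;/) {
            sid = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", sid)     # keep only the number
            seen[sid]++
        }
        END {
            dup = 0
            for (s in seen) if (seen[s] > 1) { print s, seen[s]; dup = 1 }
            exit dup
        }
    ' "$@"
}

# write_sample FILE: constructed ruleset, one rule per line as in a rules file.
# sid 2406003 is duplicated; sid 1000001 has one commented and one active use.
write_sample() {
    cat > "$1" <<'EOF'
alert ip [192.0.2.0/24] any -> $HOME_NET any (msg:"constructed rule A"; sid:2406003; rev:1;)
alert ip [198.51.100.83] any -> $HOME_NET any (msg:"constructed rule B"; sid:2406003; rev:5;)
# alert ip [203.0.113.7] any -> $HOME_NET any (msg:"commented out"; sid:1000001; rev:1;)
alert ip [203.0.113.9] any -> $HOME_NET any (msg:"constructed rule C"; sid:1000001; rev:1;)
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_dup_sids "$sample" || echo "duplicate sids found, fix before reloading"
rm -f "$sample"
```

Passing several rules files in one call also catches a sid reused across files.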