[Emerging-Sigs] Properly handling dynamic IP rules (compromised, botcc, etc)

Korodev korodev at gmail.com
Mon Oct 11 11:15:50 EDT 2010


> Hmmm, good point there. If the list of IPs decreases significantly then the end of the range rules are going to never update as a new rev will not be released.

Will there be any changes to the way the IP list rules are managed,
updated, and distributed in the new ruleset?

Did we ever reach a solution on distributing IPs across a set number
of rules to prevent sid'less alerts when the IP lists shrink? This
seems like a good time to address these along with the current
changes.

\\korodev

