[Emerging-Sigs] 2012204 and 2011766 detect the same thing?

waldo kitty wkitty42 at windstream.net
Wed Oct 26 15:38:33 EDT 2011


On 10/26/2011 15:22, Matthew Jonkman wrote:
> They are different detections, one is hitting the default from the tool uses, and one for the UA it commonly uses.
>
> MSG's can be changed, what would you suggest? I don't want to make them identical as they're different issues…
>
> Matt
>
>
> On Oct 26, 2011, at 3:02 PM, waldo kitty wrote:
>
>> On 10/26/2011 14:37, Kevin Ross wrote:
>>> Nothing more than extra detection in case one thing is changed.
>>
>> in that case, may i suggest that the MSG for 2012204 be adjusted to be closer in
>> format to the one in 2011766?
>>
>> 2012204 msg:"ET SCAN Modified Sipvicious Sundayddr Scanner (sipsscuser)";

change the existing 2012204 MSG to read as above... ??

>> 2011766 msg:"ET SCAN Modified Sipvicious User-Agent Detected (sundayddr)";




More information about the Emerging-sigs mailing list