CVS log for snort/Attic/backdoor.rules
	Help

Request diff between arbitrary revisions

* massive sync from current

* massive sync from CURRENT

* massive sync.  everything has an sid, no flows in enabled signatures.

NOTE: Signatures within a .rules file that are disabled are disabled FOR A
REASON!  If you re-enable signatures, you run the risk of breaking things.
Don't re-enable signatures without knowing WHY you want to do this.

* massive sync from CURRENT

* massive backport of sigs
(NOTE: The REVS are the same as CURRENT.  From now on, we will be doing
       maintance of signatures in 1.9 and backporting sigs back to STABLE)

* resynch rules
* prep build # for 1.8.4
* change build name
* update ChangeLog/News
* boundary condition checks for frag2

* yet another synch of signatures

* preliminary rule merge from the 1.9 branch ( sans experimental.rules )

* Massive sync of signatures from CURRENT

* synched rules & all related cruft to the stable tree.
  (this does not include experimental.rules)

*** empty log message ***

* oops. forgot the trailing ; after bumping the rev.

* add a classification to those rules without.
  (used misc-activity as the default)

* disabled a completely stupid rule

* Added copyright notices so that the Intrusion.com people might take our intellectual
  property a bit more seriously

* regen sid-msg.map
* correct a few msgs.
* add sid,rev to http dir listing
* corrected MSGs for a number of rules

* Added descriptions to many of the .rules files.  (More to come soon)
* cleaned up a few any any rules
* cleaned up the name of a few rules
* Created attack-responces.rules (for generic responces of known attacks)
* Created bad-traffic.rules (for signatures that shouldn't happen on a
  'good' network)
* normalized a few msgs.
* changed order telnet.rules to speed up the exploit signatures
* added sml3com access signature (need to write an overflow attempt sig,
  but don't have a 3com router to test it.  any takers?)

* cleaned up a huge amount of dup rules

Thanks to Jimmy Staggs for pointing out the duplicates

* A couple of broken rules that Marty caught

* Fixed typo
- noticed by Chad Dougherty

* added support for SID and REV.
* added sid-msg.map (maps SID to MSG)

SID is a unique ID for each rule.  REV is the rule revision.

Where did those come from?!?

* Changed default $HOME_NET to any (watch as marty changes it right back :P)
* Added classifications to almost every rule

NOTE:
We are currently using IDMEF's classifications.  This may change soon.
This is an extremely SIMPLE and well defined set of rule classifications
and priorities.  It is completely changeable.  Read sp_priority and
classification.conf for more information.

updated broken rules from last database export

Added x11.rules, x11.rules, and virus.rules

* Disabled reseerved bits scan detection, false positives for ECN traffic
  aren't detectable with the current code and I'm seeing a lot of noise
  out there about this...
* committed the new rules set from Forster/Caswell