[Snort-users] Bug report : out of date url,'s in signature set VRT_PR-2.4



Old 12-02-2005
Gulfie



I was rooting through some snort rules, and found that some of the url,'z aren't responding anymore.


So I wrote a quick tool to help find which ones are there and which ones aren't. I figured I could tell a man to fish, or give him a fishing pole.

http://www.grotto-group.com/~gulfie/...r.subpage.html

There are some false positives in the methodology, but the signal / noise ratio is okay.
Most of the problems are caused by domains becoming unregistered, or companies getting acquired.

Examples :
www.atstake.com, www.packetfocus.com, www.tlsecurity.net, etc.

Or www.wiretrip.net, which is still borked up.

False positives include :
http://cme.mitre.org/data/list.html#681
http://archives.neohapsis.com/archiv...0-q3/0168.html

Not sure why.

The COMM-2.4 set seems to be clean save some false positives.

Some example output is :

http://www.grotto-group.com/~gulfie/...lmarkedup.html

Note : http://www.tlsecurity.net/backdoor/Dagger.1.4.html is no longer responding.

http://www.grotto-group.com/~gulfie/...lmarkedup.html
Note : www.bugtraq.org is no longer in the whois database.



Output for bunches of rules files: Bleeding, COMM-2.4 and VRT_PR-2.4

http://www.grotto-group.com/~gulfie/...cle.index.html




-gulfie
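
A sketch of the kind of check described in the post above, as an added example (not Gulfie's tool, whose code is not shown on this page): it extracts `reference:url,` targets from rule text and reports the ones a probe rejects, split into DNS failures and HTTP failures. The sample rules, sids and the `.invalid` host are constructed, and all function names are hypothetical.

```python
import http.client, re, socket, sys, urllib.request
from urllib.parse import urlsplit

# Constructed sample rules (not from any real rule set); hosts are reserved names.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE one"; content:"a\;b"; reference:url,www.example.com/advisory/1.html; reference:bugtraq,1234; sid:1000001; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; reference:url,gone.invalid/x; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE two"; reference:url,gone.invalid/backdoor/tool.html; reference:url,www.example.com/advisory/1.html; sid:1000003; rev:2;)
'''
REF_RE = re.compile(r'\breference\s*:\s*url\s*,\s*([^;]+);')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def extract_url_refs(rules_text):
    """Map each reference:url target to the sorted sids of active rules citing it."""
    refs = {}
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):    # skip blanks and commented-out rules
            continue
        sid = SID_RE.search(line)
        for m in REF_RE.finditer(line):
            url = m.group(1).strip()
            if '://' not in url:
                url = 'http://' + url            # Snort's "url" reference type is prefixed with http://
            refs.setdefault(url, set()).add(int(sid.group(1)) if sid else 0)
    return {u: sorted(s) for u, s in refs.items()}

def live_probe(url, timeout=5):
    """Return 'ok', 'dns' (host does not resolve) or 'http' (no usable response)."""
    try:
        socket.getaddrinfo(urlsplit(url).hostname, 80)
    except (socket.gaierror, UnicodeError):
        return 'dns'
    try:
        with urllib.request.urlopen(urllib.request.Request(url, method='HEAD'), timeout=timeout):
            return 'ok'
    except (OSError, http.client.HTTPException): # URLError, HTTPError and timeouts are OSErrors
        return 'http'

def stale_references(refs, probe=live_probe):
    """Return sorted (host, reason, url, sids) for every URL the probe rejects."""
    return sorted((urlsplit(u).hostname, probe_result, u, sids)
                  for u, sids in refs.items()
                  if (probe_result := probe(u)) != 'ok')

if __name__ == '__main__':
    live = len(sys.argv) > 1                     # pass a rules file to probe for real
    text = open(sys.argv[1]).read() if live else SAMPLE_RULES
    # Without a rules file, an offline stand-in probe keeps the sample off the network.
    probe = live_probe if live else (lambda u: 'dns' if '.invalid/' in u else 'ok')
    for host, reason, url, sids in stale_references(extract_url_refs(text), probe):
        print(f'{reason:4} {host}  {url}  sids={sids}')
```

A failed HEAD request is only a hint that a page is gone, since some servers refuse HEAD or unfamiliar clients; a 'dns' result is the stronger signal for the lapsed-domain case.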




