Share this post:
Responses (2)
-
Accepted Answer
A rule where? If you're talking about IDS/IPS, go to where the rules are (/etc/snort.d/rules/gpl) then do a:
This will tell you that rule 648 is in the shellcode.rules file. Edit the file and either delete the line or comment it out by putting a "#" at the front. Save the file and restart snort.grep sid:648 *.rules
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »