It looks like it was added on March 9, 2010 in this commit: https://bitbucket.org/dcid/ossec-hids/changeset/51adbf4a392c
On Wed, Sep 7, 2011 at 3:21 PM, dan (ddp) <[email protected]> wrote: > 31108 is part of the web_rules.xml file. In fact, it's the second rule > in that file. > It seems something is wrong with your installation. > > On Wed, Sep 7, 2011 at 3:12 PM, Mike Disley > <[email protected]> wrote: >> Thanks but tried that and no joy. I think there might be an error in the >> code in the Immutable article. >> I get this error in ossec.log; >> >> rules_list: Signature ID '31108' not found. Invalid 'if_sid' >> >> Cheers, >> Mike >> >> >> ________________________________ >> From: [email protected] [mailto:[email protected]] On >> Behalf Of Frank Stefan Sundberg Solli >> Sent: Wednesday, September 07, 2011 2:48 PM >> To: [email protected] >> Subject: Re: [ossec-list] Detecting the Apache Range Header DoS Attack >> >> Thats local_rules >> >> On Wed, Sep 7, 2011 at 9:40 AM, Mike Disley >> <[email protected]> wrote: >>> >>> Excellent write up. Would you put this rule in the local_rules or >>> web_rules file? >>> >>> Cheers, >>> Mike >>> >>> >>> >>> -----Original Message----- >>> From: [email protected] [mailto:[email protected]] On >>> Behalf Of Michael Starks >>> Sent: Sunday, August 28, 2011 12:42 PM >>> To: [email protected] >>> Subject: [ossec-list] Detecting the Apache Range Header DoS Attack >>> >>> >>> http://www.immutablesecurity.com/index.php/2011/08/28/detecting-the-apache-range-header-dos-attack-with-ossec/ >>> >>> Testing of the rules and feedback appreciated. >> >> >> >> -- >> MVH/With regards >> >> Frank >> -- >> Name: Frank Stefan Sundberg Solli >> E-mail: [email protected] >> Web: http://fssol.blogspot.com >> GPG: 684119F4 >> >> >
