We have created the engrel2 bundle to address the problems noted with the host sweeps,
particularly the Sig 3030 false negative on SQL Spyda sweeps on port 1433. (We were only
looking at low ports, so port 1433 was never counted.)
We have now changed signatures 3030-3037 to behave as service sweeps
instead of regular host sweeps. (See the README with the bundle on ftp-eng.)
You can find the files on 'ftp-eng.cisco.com'.
The path is: /ftp/pub/titanium
Download the files:
CSIDS-313-engrel2.tar.Z and README
in ftp BINARY mode.
The README has installation instructions and a full description of the changes in this version.
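
The false negative described above can be reproduced with a simplified model. This is an added example, not Cisco's signature engine or code from the bundle: the low-port boundary (1023), the threshold, the time window, the addresses and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict

LOW_PORT_MAX = 1023  # assumption: "low ports" taken to mean ports 0-1023
THRESHOLD = 5        # assumption: distinct destination hosts needed to alert
WINDOW = 10.0        # assumption: seconds over which hosts are counted

def _sweeps(events, key_fn, port_ok):
    """Return keys that reached THRESHOLD distinct hosts inside WINDOW."""
    seen = defaultdict(dict)  # key -> {dst_host: time of last SYN}
    alerts = set()
    for ts, src, dst, dport in sorted(events):
        if not port_ok(dport):
            continue  # SYN is never counted by this detector
        key = key_fn(src, dport)
        hosts = seen[key]
        hosts[dst] = ts
        # Drop hosts whose last SYN fell out of the sliding window.
        for stale in [h for h, t in hosts.items() if ts - t > WINDOW]:
            del hosts[stale]
        if len(hosts) >= THRESHOLD:
            alerts.add(key)
    return alerts

def host_sweep_low_ports(events):
    """Old behaviour as the note describes it: only low ports are counted."""
    return _sweeps(events, lambda s, p: s, lambda p: p <= LOW_PORT_MAX)

def service_sweep(events):
    """New behaviour: distinct hosts per (source, destination port), any port."""
    return _sweeps(events, lambda s, p: (s, p), lambda p: True)

def sample_events():
    """Constructed TCP SYN records: (time, src, dst, dst_port)."""
    ev = [(i * 0.5, "10.0.0.66", f"192.168.1.{i + 10}", 1433) for i in range(8)]
    ev += [(i * 0.5, "10.0.0.77", f"192.168.1.{i + 10}", 80) for i in range(8)]
    # One client talking repeatedly to one SQL server: not a sweep.
    ev += [(i * 0.5, "10.0.0.88", "192.168.1.10", 1433) for i in range(8)]
    return ev

if __name__ == "__main__":
    print("low-port host sweep:", host_sweep_low_ports(sample_events()))
    print("service sweep:      ", service_sweep(sample_events()))
```

Only the port-80 source is reported by the low-port detector, while the service sweep also reports the source sweeping port 1433 and still ignores the single client-to-server pair.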