Re: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?
Just thought I should jump in here and clarify a couple things.
On March 28th, a VRT Certified Ruleset was released to subscribers that contained new rules for vulnerabilities in MySQL, ARCserver, and Oracle.

3528 - MySQL CREATE Function attempt
3526 - Oracle XDB FTP Unlock overflow
3530 - ArcServe backup UDP msg 0x99 overflow

We also included a new FTP Bounce rule that utilizes new detection capabilities that are in the 2.4 Branch of Snort. Additionally there were a number of updates made to previously released rules to improve their accuracy. For a complete list of changes see the changelog at http://www.snort.org/rules/docs/rule...005-03-28.html.

As a side note, this ruleset includes the rules used by NSS for their recent Gigabit IDS Test.

Registered users will be able to get this content on 4/2. Additionally an updated Community Rule Pack will be out shortly.

Cheers

Matthew Watchinski
Director, Vulnerability Research Team
Sourcefire, Inc.

Arseneault, Thomas (HQP) wrote:

>I know all about how subscription vs. registered works, my point was
>that the previous poster said that there have been two releases since
>the 16th and there hasn't been, not to the general public anyway. I also
>use oinkmaster and I frequently see updates to the bleeding set but only
>once from snort.org for either the vrt or community rule sets, back near
>the 16th. I just checked the output of my update (which I have
>automatically done at 12:30 every morning) and saw no updates for vrt or
>community but oinkmaster did function properly, it processed the rule
>sets but just did not find anything had changed (Just to be sure I ran
>the update script by hand to watch for error messages that might not
>have made it into the logs and it worked flawlessly, downloaded all the
>files, unpacked them and checked for changes, found none and exited).
>
>Tom
>
>-----Original Message-----
>From: Briggs, Bruce [mailto:Bruce.Briggs@suny.edu]
>Sent: Thursday, March 31, 2005 7:12 AM
>To: Arseneault, Thomas (HQP)
>Cc: snort-users
>Subject: RE: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?
>
>Have you registered on the Snort site?
>If not, then you won't get updates until the next Snort release.
>http://www.snort.org/rules/
> Subscribers receive real-time rules updates as they are available -
>Learn more about subscription highlights here
> Registered users can access rule updates 5 days after release to
>subscription users.
> Unregistered users receive a static ruleset at the time of each major
>Snort Release
>
>I am registered, and I see some updated rules files from my Oinkmaster
>update done yesterday.
>
>Bruce
>
>-----Original Message-----
>From: snort-users-admin@lists.sourceforge.net
>[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Arseneault, Thomas (HQP)
>Sent: Wednesday, March 30, 2005 6:23 PM
>To: Ron Jenkins; Matt Kettler
>Cc: snort-users
>Subject: RE: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?
>
>I just downloaded the latest ruleset from
>http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkmaster code>/snortrules-snapshot-2.3.tar.gz
>and I found that all the included files were dated 3/16, none were any
>later. I did see an email from the 28th about a "VRT Certified Rules
>Update" but nothing so far.
>
>Tom Arseneault
>Security Engineer
>Robert Half International
>
>-----Original Message-----
>From: snort-users-admin@lists.sourceforge.net
>[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Ron Jenkins
>Sent: Wednesday, March 30, 2005 1:43 PM
>To: Matt Kettler
>Cc: snort-users
>Subject: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?
>
>There have been two sets of rules since then for registered and
>subscriber users.
>
>-----Original Message-----
>From: snort-sigs-admin@lists.sourceforge.net
>[mailto:snort-sigs-admin@lists.sourceforge.net] On Behalf Of Matt Kettler
>Sent: Wednesday, March 30, 2005 3:45 PM
>To: Tom Currie, Consultant
>Cc: snort-sigs@lists.sourceforge.net
>Subject: Re: [Snort-sigs] Any new rules coming out of snort.org?
>
>Tom Currie, Consultant wrote:
>
>>I see that I have new rules all the time from bleeding-snort, but I have not had
>>any new rules from snort.org since March 16th. (based on oinkmaster).
>>
>>I am still getting downloads of the tgz sig file, but it's frozen in time. Is
>>it deprecated and I should just move on, or what?
>>
>See the website:
>http://www.snort.org/rules/
>
>-------------------------------------------------------
>This SF.net email is sponsored by Demarc:
>A global provider of Threat Management Solutions.
>Download our HomeAdmin security software for free today!
>http://www.demarc.com/info/Sentarus/hamr30
>_______________________________________________
>Snort-sigs mailing list
>Snort-sigs@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>-------------------------------------------------------
>This SF.net email is sponsored by Demarc:
>A global provider of Threat Management Solutions.
>Download our HomeAdmin security software for free today!
>http://www.demarc.com/info/Sentarus/hamr30
>_______________________________________________
>Snort-users mailing list
>Snort-users@lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/...fo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=ort-users