Snort Mailing List

Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

List Archives

Latest Posts

Re: How can i solve this problem? Zackary McKay via Snort-devel (May 17)
Thank you

Sent via the Samsung Galaxy S22 Ultra 5G, an AT&T 5G smartphone
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of OK via Snort-devel <snort-devel () lists snort
org>
Sent: Thursday, May 16, 2024 7:11:01 PM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-devel] How can i...

Re: How can i solve this problem? Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) via Snort-devel (May 17)
3.1.0.0 version is pretty old.
Many bugs have been fixed since then.

I think updating to the latest version will fix the problem.

Regards,
Alexey

How can i solve this problem? OK via Snort-devel (May 16)
,,_ -*> Snort++ <*-
o" )~ Version 3.1.0.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.0
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 1.1.1f 31 Mar 2020...

Snort Subscriber Rules Update 2024-05-16 Research via Snort-sigs (May 16)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2024-05-14 Research via Snort-sigs (May 14)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2024-29996:
A coding deficiency exists in Microsoft Windows Common Log File System
Driver that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 63427 through...

Rules issue with 3.1.84.0 Norbert Furlani via Snort-sigs (May 13)
Hi,

There seems to be no ruleset snortrules-snapshot-3180 which I presume is needed to work with the latest snort Version
3.1.84.0?

I've tried subscription ruleset 3.1.47.0 but when I launch snort I get
errors in trying to load the rules.

e.g.

ERROR: ./rules/snort.rules:22223 SO rule 58573 not loaded

Community rules work and load with no issue.

Do I need to compile an older rev. of snort? Or is there some way to get latest version...
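An added check for the situation described in this post (example code written for this page, not from the Snort project or the poster): it parses the version out of a `snort -V` banner, derives the snapshot name that build should pair with, and lists the SO rule SIDs Snort refused to load, which are SIDs with no coverage until the ruleset matches the build. SO rules are precompiled against one exact Snort version, so a snapshot built for another version fails in exactly this way. The banner, log lines and snapshot file name are constructed samples; the naming rule `snortrules-snapshot-<version digits without dots>` is an assumption about the snort.org convention, so verify it against the download page before relying on it.

```python
"""Check whether a Talos ruleset snapshot matches the running Snort 3 build
and list the SO (shared-object) rules Snort refused to load.

Assumption: snort.org names snapshots "snortrules-snapshot-<ABCD>.tar.gz"
where ABCD is the Snort version A.B.C.D with the dots removed.
"""
import re
from typing import List, Optional

# Constructed sample: a `snort -V` banner shaped like the one quoted on the
# list, with the version the poster says they run.
SNORT_BANNER = """\
   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.84.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Using LuaJIT version 2.1.0-beta3
"""

# Constructed sample: rule-load output of the kind shown on the list.
SNORT_LOAD_LOG = """\
ERROR: ./rules/snort.rules:22223 SO rule 58573 not loaded
ERROR: ./rules/snort.rules:22224 SO rule 58574 not loaded
WARNING: ./rules/snort.rules:22300 some unrelated warning
ERROR: ./rules/snort.rules:22401 SO rule 58575 not loaded
"""

BANNER_VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+){3})")
SNAPSHOT_RE = re.compile(r"snortrules-snapshot-(\d+)(?:\.tar\.gz)?$")
SO_ERROR_RE = re.compile(r"^ERROR: (\S+?):(\d+) SO rule (\d+) not loaded$", re.M)


def banner_version(banner: str) -> Optional[str]:
    """Return the dotted Snort version from `snort -V` output, or None."""
    m = BANNER_VERSION_RE.search(banner)
    return m.group(1) if m else None


def snapshot_tag(version: str) -> str:
    """Map 'A.B.C.D' to the snapshot tag 'ABCD' (e.g. 3.1.84.0 -> 31840).
    Assumed snort.org convention: version components concatenated, no dots."""
    if not re.fullmatch(r"\d+(?:\.\d+){3}", version):
        raise ValueError(f"unexpected version string: {version!r}")
    return "".join(version.split("."))


def snapshot_matches(snapshot_name: str, version: str) -> bool:
    """True when the snapshot's tag equals the tag derived from the Snort build."""
    m = SNAPSHOT_RE.search(snapshot_name)
    return bool(m) and m.group(1) == snapshot_tag(version)


def unloaded_so_rules(load_log: str) -> List[int]:
    """SIDs of SO rules Snort reported as not loaded, in log order, deduplicated.
    These SIDs provide no detection until the SO rules actually load."""
    seen = set()
    out: List[int] = []
    for _path, _line, sid in SO_ERROR_RE.findall(load_log):
        n = int(sid)
        if n not in seen:
            seen.add(n)
            out.append(n)
    return out


def check_ruleset(banner: str, snapshot_name: str, load_log: str) -> dict:
    """Combine the checks into one report an operator can act on."""
    version = banner_version(banner)
    expected = f"snortrules-snapshot-{snapshot_tag(version)}.tar.gz" if version else None
    return {
        "snort_version": version,
        "expected_snapshot": expected,
        "snapshot_matches": snapshot_matches(snapshot_name, version) if version else False,
        "unloaded_so_sids": unloaded_so_rules(load_log),
    }


if __name__ == "__main__":
    # The poster's pairing: a 3.1.47.0 snapshot loaded into a 3.1.84.0 build.
    report = check_ruleset(SNORT_BANNER, "snortrules-snapshot-31470.tar.gz", SNORT_LOAD_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In practice, feed the real banner (`snort -V 2>&1`) and the real start-up log (`snort -c snort.lua ... 2>&1`) to `check_ruleset`; a non-empty `unloaded_so_sids` list is the coverage gap to report, and a `snapshot_matches` of False tells you which snapshot to fetch instead of rebuilding an older Snort.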

Pfsense + snort Daniel Reuben via Snort-sigs (May 13)
Hello,

We currently have two IPS/IDS setup, both on LAN side with snort rules applied. We are noticing that inbound traffic is
coming from internal IPs exclusively. We would like to be able to receive internal and external IPs, what would be the
best course of action?

Would we have to create 4 ids/ips interfaces in total? LAN and WAN on one side of the network, and LAN and WAN on the
other side? If we were to do this, can we have independent...

Snort Subscriber Rules Update 2024-05-09 Research via Snort-sigs (May 09)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
file-other, policy-other, protocol-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2024-05-07 Research via Snort-sigs (May 07)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, netbios, os-windows, policy-other, protocol-dns,
server-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2024-05-02 Research via Snort-sigs (May 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-other, os-windows, policy-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2024-04-30 Research via Snort-sigs (Apr 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-office,
malware-cnc, os-windows, policy-other, server-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Discrepancy between NVD list and available snort rules for Rockwell equipment. Steve Matthews (stmatthe) via Snort-sigs (Apr 29)
We have a concern from an end customer who uses a lot of Rockwell equipment.

They used this tool:
https://www.snort.org/rule_docs?utf8=%E2%9C%93&search_type=standard&simple_search%5Bsid_or_explanation_or_message_or_cves_cve_key_i_cont%5D=rockwell&submit_rule_search=
And found 34 rules matching Rockwell.

Then, they used this tool:...

Re: Multi Pattern Search Engine Plugin Vlad Ulmeanu via Snort-devel (Apr 29)
Hi Russ,

Sorry for the late answer. The patch wasn't meant to change the results.
Did you mean that no extra output appeared?

I narrowed down the pcap to the packet that produced the matches (link
<https://drive.google.com/file/d/15b8qw8lu2QB0K464cyOJ4wYNTOBSllrK/view?usp=sharing>).
Now we don't need `can_debug` or the deques. However, now snort doesn't
query anymore on exactly:

```
T = 0 0 0 0 243 127 95 75 189 112 255 71...

Snort Subscriber Rules Update 2024-04-24 Research via Snort-sigs (Apr 24)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
malware-cnc, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2024-04-23 Research via Snort-sigs (Apr 23)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
os-windows and server-webapp rule sets to provide coverage for emerging
threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

More Lists

Dozens of other network security lists are archived at SecLists.Org.