instant snort sigs for new vulnerabilites

[Steve McGhee <stevem () lmri ucsb edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


with all the fuss lately over the new apache worm, etc, id like to know
if my machine is getting hit (its patched, just being curious). i know
about mod_blowchunks, but im looking for something more general..

it seems to me that snort could see these attacks pretty easily.

is there a tool/method out there that will retrieve the *latest* snort
signatures automatically? for those of us not running snort via CVS, id
like a way to do something like cvsup, but _only_ update my ruleset
every night or whatever.

i cc: the freebsd team as this might be a cool (simple) port. (something
like /usr/ports/security/snort-signatures)

this could be helpful to people who are just curious, or maybe could
provide some good numbers to shock lazy sysadmins into actually patching
their machines.


..of course, this is all assuming there's someone out there writing
signatures  ;)

- --
- -steve

~  ..........................................................
~        Steve McGhee
~        Systems Administrator
~        Linguistic Minority Research Institute
~        UC Santa Barbara
~        phone: (805)893-2683
~        email: stevem () lmri ucsb edu

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Using PGP with Mozilla - http://enigmail.mozdev.org

iQA/AwUBPSDCUKUr5syonrLMEQKjYQCfRiRGHIGGviqfGl/9xvRNpaambakAoIns
BcxrxnUpvAJK3Sczy5nY4Ir5
=9LCO
-----END PGP SIGNATURE-----



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users