Snort mailing list archives
RE: Adware/Malware Rules List V2
From: "Darden, Patrick S." <darden () armc org>
Date: Fri, 5 Mar 2004 07:57:59 -0500
Krisa,

You don't include any details of your setup, so forgive me if I start from the beginning:

1. make sure your snort machine is sharing a layer 2 fabric with your concentrator (e.g. external router, internet firewall, border gateway, etc.) by one of these methods: sensor, mirrored port on your switch, or a hub (yuck).

2. make sure snort has these rules turned on in snort.conf. E.g. if you have these rules in local.rules, uncomment the local.rules line.

3. try sending out a false positive via telnet or some such. E.g. start an http connection to the Flowgo homepage. Does it give you a warning?

If none of these help, send me an email with your full situation so I can better help you.

--Patrick Darden
--Internetworking Manager
--ARMC

-----Original Message-----
From: Rowland, Krisa W ERDC-ITL-MS Contractor [mailto:Krisa.W.Rowland () erdc usace army mil]
Sent: Thursday, March 04, 2004 3:37 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Adware/Malware Rules List V2

I have applied these rules to my signatures - but haven't seen ANY alerts and I am positive that I have plenty of users running Gator, etc. Can you tell me what I'm doing wrong??

-----Original Message-----
From: Darden, Patrick S. [mailto:darden () armc org]
Sent: Friday, February 27, 2004 11:57 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Adware/Malware Rules List V2

Many people have pointed out that I put the wrong link up. Sorry.

Corrected link: http://www.armc.org/malware

It's not much, but it is there.

--Patrick Darden
--Internetworking Manager
--ARMC
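Step 2 of the reply above (rule files left commented out in snort.conf) can be checked mechanically. The following is an added example, not part of the original thread: it parses a constructed snort.conf in Snort 2.x syntax, expands `var` references, and reports which `.rules` includes are active and which are disabled. The file names, including `malware.rules`, are assumptions made for illustration.

```python
import re

# Constructed sample in Snort 2.x snort.conf syntax (not from the thread).
# malware.rules is a hypothetical file name for the adware rule set.
SAMPLE_CONF = """\
var HOME_NET any
var RULE_PATH ../rules
# include classification.config
include $RULE_PATH/web-misc.rules
#include $RULE_PATH/local.rules
   # include $RULE_PATH/malware.rules
include $RULE_PATH/p2p.rules
"""

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)")
# Group 1 is set when the include line is commented out.
INCLUDE_RE = re.compile(r"^\s*(#+\s*)?include\s+(\S+)\s*$")


def audit_includes(conf_text):
    """Return (active, disabled) lists of .rules files named by include lines."""
    variables, active, disabled = {}, [], []
    for line in conf_text.splitlines():
        var = VAR_RE.match(line)
        if var:
            variables[var.group(1)] = var.group(2)
            continue
        inc = INCLUDE_RE.match(line)
        if not inc:
            continue
        # Expand $NAME using variables defined earlier in the file;
        # unknown names are left as written.
        path = re.sub(r"\$(\w+)",
                      lambda m: variables.get(m.group(1), m.group(0)),
                      inc.group(2))
        if not path.endswith(".rules"):
            continue  # classification.config and similar are not rule files
        (disabled if inc.group(1) else active).append(path)
    return active, disabled


def is_enabled(conf_text, rules_file):
    """True if an uncommented include line loads the named rules file."""
    active, _ = audit_includes(conf_text)
    return any(p.rsplit("/", 1)[-1] == rules_file for p in active)


if __name__ == "__main__":
    active, disabled = audit_includes(SAMPLE_CONF)
    print("active:  ", active)
    print("disabled:", disabled)
```

A rule file that shows up under "disabled" will never produce alerts, whatever traffic the sensor sees.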
Current thread:
- Adware/Malware Rules List V2 Darden, Patrick S. (Feb 27)
- <Possible follow-ups>
- RE: Adware/Malware Rules List V2 Rowland, Krisa W ERDC-ITL-MS Contractor (Mar 04)
- RE: Adware/Malware Rules List V2 Darden, Patrick S. (Mar 05)