Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14
From: Bryan Arenal <b.arenal () gmail com>
Date: Wed, 15 Sep 2010 09:10:53 -0600
Am I the only one who noticed that when downloading this rule update, it says that it's from August 12th? --- # wget http://www.snort.org/pub-bin/oinkmaster.cgi/ <OINKCODE>/snortrules-snapshot-2861.tar.gz --2010-09-15 14:55:20-- http://www.snort.org/pub-bin/oinkmaster.cgi/ <OINKCODE>/snortrules-snapshot-2861.tar.gz Resolving www.snort.org... 68.177.102.20 Connecting to www.snort.org|68.177.102.20|:80... connected. HTTP request sent, awaiting response... 302 Found Location: https://s3.amazonaws.com/snort.org/rules/*20100812*/snortrules-snapshot-2861.tar.gz?blah [following] --2010-09-15 14:55:21-- https://s3.amazonaws.com/snort.org/rules/*20100812* /snortrules-snapshot-2861.tar.gz?blah Resolving s3.amazonaws.com... 72.21.202.164 Connecting to s3.amazonaws.com|72.21.202.164|:443... connected. HTTP request sent, awaiting response... 200 OK --- Sure enough, those are the timestamps in the tarball as well: --- root@localhost [~/tmp/rules] # ls -ltr total 9760 -rw-r--r-- 1 root root 396 Aug 18 2002 cgi-bin.list -rw-r--r-- 1 root root 16724 Mar 10 2005 VRT-License.txt -rw-r--r-- 1 root root 1327 May 16 2005 experimental.rules -rw-r--r-- 1 root root 767 Jan 19 2010 Makefile.am -rw-r--r-- 1 root root 1512 Aug 12 17:37 x11.rules -rw-r--r-- 1 root root 52093 Aug 12 17:37 web-php.rules -rw-r--r-- 1 root root 158362 Aug 12 17:37 web-misc.rules -rw-r--r-- 1 root root 51639 Aug 12 17:37 web-iis.rules -rw-r--r-- 1 root root 13768 Aug 12 17:37 web-frontpage.rules -rw-r--r-- 1 root root 15411 Aug 12 17:37 web-coldfusion.rules -rw-r--r-- 1 root root 167839 Aug 12 17:37 web-client.rules -rw-r--r-- 1 root root 123693 Aug 12 17:37 web-cgi.rules -rw-r--r-- 1 root root 1470 Aug 12 17:37 web-attacks.rules -rw-r--r-- 1 root root 1921128 Aug 12 17:37 web-activex.rules -rw-r--r-- 1 root root 26603 Aug 12 17:37 voip.rules -rw-r--r-- 1 root root 1576 Aug 12 17:37 virus.rules -rw-r--r-- 1 root root 5566 Aug 12 17:37 tftp.rules -rw-r--r-- 1 root root 8067 Aug 12 17:37 telnet.rules -rw-r--r-- 1 root root 47132 Aug 12 17:37 sql.rules -rw-r--r-- 1 root root 552240 Aug 12 17:37 spyware-put.rules -rw-r--r-- 1 root root 183524 Aug 12 17:37 specific-threats.rules -rw-r--r-- 1 root root 7057 Aug 12 17:37 snmp.rules -rw-r--r-- 1 root root 49205 Aug 12 17:37 smtp.rules -rw-r--r-- 1 root root 8090 Aug 12 17:37 shellcode.rules -rw-r--r-- 1 root root 5112 Aug 12 17:37 scan.rules -rw-r--r-- 1 root root 15247 Aug 12 17:37 scada.rules -rw-r--r-- 1 root root 3987 Aug 12 17:37 rservices.rules -rw-r--r-- 1 root root 88695 Aug 12 17:37 rpc.rules -rw-r--r-- 1 root root 15112 Aug 12 17:37 pop3.rules -rw-r--r-- 1 root root 1048 Aug 12 17:37 pop2.rules -rw-r--r-- 1 root root 36085 Aug 12 17:37 policy.rules -rw-r--r-- 1 root root 22692 Aug 12 17:37 phishing-spam.rules -rw-r--r-- 1 root root 6434 Aug 12 17:37 p2p.rules -rw-r--r-- 1 root root 1493 Aug 12 17:37 other-ids.rules -rw-r--r-- 1 root root 196992 Aug 12 17:37 oracle.rules -rw-r--r-- 1 root root 1246 Aug 12 17:37 open-test.conf -rw-r--r-- 1 root root 5806 Aug 12 17:37 nntp.rules -rw-r--r-- 1 root root 214844 Aug 12 17:37 netbios.rules -rw-r--r-- 1 root root 13432 Aug 12 17:37 mysql.rules -rw-r--r-- 1 root root 6977 Aug 12 17:37 multimedia.rules -rw-r--r-- 1 root root 31912 Aug 12 17:37 misc.rules -rw-r--r-- 1 root root 199 Aug 12 17:37 local.rules -rw-r--r-- 1 root root 1043 Aug 12 17:37 info.rules -rw-r--r-- 1 root root 30718 Aug 12 17:37 imap.rules -rw-r--r-- 1 root root 5474 Aug 12 17:37 icmp.rules -rw-r--r-- 1 root root 16989 Aug 12 17:37 icmp-info.rules -rw-r--r-- 1 root root 33679 Aug 12 17:37 ftp.rules -rw-r--r-- 1 root root 4579 Aug 12 17:37 finger.rules -rw-r--r-- 1 root root 121557 Aug 12 17:37 exploit.rules -rw-r--r-- 1 root root 18664 Aug 12 17:37 dos.rules -rw-r--r-- 1 root root 10826 Aug 12 17:37 dns.rules -rw-r--r-- 1 root root 5042272 Aug 12 17:37 deleted.rules -rw-r--r-- 1 root root 8239 Aug 12 17:37 ddos.rules -rw-r--r-- 1 root root 8311 Aug 12 17:37 content-replace.rules -rw-r--r-- 1 root root 19811 Aug 12 17:37 chat.rules -rw-r--r-- 1 root root 23752 Aug 12 17:37 botnet-cnc.rules -rw-r--r-- 1 root root 40034 Aug 12 17:37 blacklist.rules -rw-r--r-- 1 root root 2830 Aug 12 17:37 bad-traffic.rules -rw-r--r-- 1 root root 317279 Aug 12 17:37 backdoor.rules -rw-r--r-- 1 root root 4647 Aug 12 17:37 attack-responses.rules --- Seriously, WTF? On Tue, Sep 14, 2010 at 14:56, Research <research () sourcefire com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sourcefire VRT Certified Snort Rules Update Synopsis: The Sourcefire VRT is aware of vulnerabilities affecting Microsoft and Adobe products. Details: Microsoft Security Advisory MS10-061: The Microsoft Windows Print Spooler service contains a programming error that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting this vulnerability is included in this release and are identified with GID 3, SIDs 17252 and 17253. Microsoft Security Advisory MS10-062: Microsoft Windows Media Player contains a programming error that may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 17242. Microsoft Security Advisory MS10-063: Microsoft Windows XP and Vista contain a programming error that may allow a remote attacker to execute code on an affected system via the use of specially crafted Uniscribe fonts. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 17256. Microsoft Security Advisory MS10-064: Microsoft Outlook contains a programming error that may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 17251. Microsoft Security Advisory MS10-065: Microsoft Internet Information Server (IIS) contains a programming error that may allow a remote attacker to execute code on an affected system. Rules to detect attacks targeting this vulnerability is included in this release and are identified with GID 3, SIDs 17254 and 17255. Microsoft Security Advisory MS10-067: Microsoft WordPad contains a programming error that may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 17250. Microsoft Security Advisory MS10-068: Microsoft LSASS contains a programming error that may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 17249. Adobe Security Bulletin APSA10-03: Adobe Flash Player contains a programming error that may allow a remote attacker to execute code on an affected system. A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 17257. For a complete list of new and modified rules please see: http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2010-09-14.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFMj93jQcQOxItLLaMRAsX5AJ4ianhgCCaZKbrfhUEuEi/cMuoeFwCcDiKW p4fjDNq8FdKNeXEK0WUXPqU= =SaB4 -----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Sourcefire VRT Certified Snort Rules Update 2010-09-14 Research (Sep 15)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 Bryan Arenal (Sep 15)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 Nigel Houghton (Sep 15)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 waldo kitty (Sep 15)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-09-14 Bryan Arenal (Sep 15)