Snort mailing list archives
Re: so_rule problem
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Fri, 1 Oct 2010 11:07:22 -0400
These rules are pre-compiled and are in the subscriber rule packs. They won't be available in the registered set until Oct 23rd.

On Fri, 1 Oct 2010 07:47:10 -0700 (PDT), Jimmy Tharel wrote:
> I'm trying to get my Snort installation to detect the latest ms10-070 vulnerability. According to http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html it should have been included in the rules released on the 23rd.
>
> Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 3, SIDs 17428 and 17429.
>
> When I compile the so_rules from source I don't see these 2 rules/sids (17428 and 17429). I used "snort -c /etc/snort/snort.conf --dump-dynamic-rules=/etc/snort/so_rules" to create the .rules files. I also went through several of the pre-compiled rules using the same method and didn't see these rules/sids there either. Just to be thorough I looked through all the normal rules and preproc_rules as well and didn't see them there either.
>
> Am I way off base in what I am doing or should these be showing up?
>
> Thanks,
> Jimmy
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
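The manual search described in the question (looking through dumped stub files for GID 3, SIDs 17428 and 17429) can be scripted. The following is an added example, not part of the original messages or of Snort itself; it assumes the dump directory holds `*.rules` stub files that carry `sid` and `gid` options in ordinary rule syntax, and its sample rule text is constructed.

```python
import re
import tempfile
from pathlib import Path

# Rule options of interest; gid defaults to 1 when a rule does not set it.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def collect_rule_ids(rules_dir):
    """Map (gid, sid) -> (file name, enabled) for every rule under rules_dir."""
    found = {}
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            text = line.strip()
            enabled = not text.startswith("#")   # commented-out rules still count as shipped
            body = text.lstrip("# ")
            sid = SID_RE.search(body)
            if not body.startswith(("alert", "drop", "log", "pass")) or not sid:
                continue  # comment, blank line or non-rule text
            gid = GID_RE.search(body)
            key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
            found[key] = (path.name, enabled)
    return found

def missing_ids(rules_dir, wanted):
    """Return the wanted (gid, sid) pairs that no rule in rules_dir defines."""
    return sorted(set(wanted) - set(collect_rule_ids(rules_dir)))

def demo():
    # Constructed stub file: one unrelated GID 3 rule, and a disabled rule that
    # reuses SID 17428 without a gid option (so it is GID 1, not GID 3).
    sample = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed sample"; '
              'sid:1000001; gid:3; rev:1; metadata: engine shared, soid 3|1000001;)\n'
              '# alert tcp any any -> any any (msg:"constructed, disabled"; sid:17428; rev:1;)\n')
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample.rules").write_text(sample)
        return missing_ids(tmp, [(3, 17428), (3, 17429), (3, 1000001)])

if __name__ == "__main__":
    print(demo())
```

Matching on the (GID, SID) pair rather than the SID alone avoids a false "present" result when a text rule in another generator happens to use the same SID.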