Snort mailing list archives
Re: [Emerging-Sigs] Snort 2.9 compatibility with ET rules?
From: Jun Wan <junwei_wan () hotmail com>
Date: Sat, 30 Oct 2010 04:05:40 +0000
Hi Mat,

Thanks for the clarification, it's very much appreciated.

Regards
John

Subject: Re: [Emerging-Sigs] Snort 2.9 compatibility with ET rules?
From: jonkman () emergingthreatspro com
Date: Fri, 29 Oct 2010 23:30:29 -0400
CC: emerging-sigs () emergingthreats net
To: junwei_wan () hotmail com

Hi Jun. I tried to answer you on the snort-users list but my email was suppressed I think. Answers inline:

On Oct 29, 2010, at 11:07 PM, Jun Wan wrote:

1.) Are ET rulesets suitable for Snort 2.9 ???

Yes, just a few hours ago we got 2.9 and 2.4 finished and published. Go to http://rules.emergingthreats.net/ and pick your platform and ruleset.

2.) How can I download ET rulesets automatically similar to oinkmaster usage (with cron)???

Just like normal, pick the tarball you need and plug that into oink. It'll do the rest.

I am able to download VRT rules and ET rules for Snort 2.8.6 via Oinkmaster (with cron), please see the following:

sudo vi /usr/local/etc/oinkmaster.conf
.....
url = http://www.snort.org/pub-bin/oinkmaster.cgi/a9393504xxxxxxxxxxxxxxxxxxdb292e/snortrules-snapshot-2860.tar.gz
url = http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz
.....

Also I noticed lots of duplicated SIDs during the update process, don't know why/how to fix.

I'm guessing you're running vrt and the open ruleset, but those both have the old GPL sigs in there, sids 3464 and lower. If you want to use VRT and ET you need to use the ET open-nogpl sigs. Those do not include the gpl snort sigs or the old community sigs.

That do it for you?

Matt

Any information and help would be much appreciated. Thanks.

Regards
John

Date: Fri, 29 Oct 2010 16:09:31 -0400
From: jason.weir () nhrs org
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] URL to download VRT rules

This is the oinkmaster url I use to get the ET ruleset

url=http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz

No oinkcode needed....

I can't answer you on the 2.9 compatibility, you might ask over on the et list..

http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

-J

-----Original Message-----
From: Alejandro Cabrera Obed [mailto:aco1967 () gmail com]
Sent: Friday, October 29, 2010 3:56 PM
To: Kevin Ross; snort-users () lists sourceforge net
Subject: Re: [Snort-users] URL to download VRT rules

OK, just two questions:

1) Are ET ruleset suitable for Snort 2.9 ??? Because I can't see the download link for this Snort version at http://rules.emergingthreats.net/

2) How can I download ET ruleset automatically similar to oinkmaster usage (with cron)???

Thanks a lot

2010/10/28 Kevin Ross <kevross33 () googlemail com>

I think you may also find use in the emergingthreats rules www.emergingthreats.net. Latest rulesets are here:

http://rules.emergingthreats.net/open-nogpl/snort-2.8.4/emerging.rules.tar.gz

I would recommend you upgrade though to at least snort 2.8.6.1 so you can make use of the improvements and http_modifiers.

http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz

In ET there is a lot of focus on malware command and control, malware, viruses and current things going on. A worthwhile ruleset to include to detect stuff within your network.

Regards,
Kevin

On 28 October 2010 16:09, Alejandro Cabrera Obed <aco1967 () gmail com> wrote:

Dear all, I've registered in snort.org to download the VRT rules....I have Snort 2.8.5.3.

I use oinkmaster to download the rules, but what is the new URL I have to use:

This: http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/<oinkcode>

or this: http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2853.tar.gz

Thanks a lot.

_______________________________________________
Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
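
Added example, not part of the original thread and not code from Oinkmaster, Snort or Emerging Threats: a check for the duplicate-SID symptom discussed above, which lists SIDs defined in more than one ruleset and separates those in the range the thread attributes to the shared GPL sigs (3464 and lower). The function names and the sample rules are assumptions constructed for illustration.

```python
import re

GPL_SID_MAX = 3464  # boundary quoted in the thread: "sids 3464 and lower"

# A rule line starts with an action; a leading '#' marks a disabled rule,
# which still occupies its SID, so it is counted too (choice made for this example).
RULE_RE = re.compile(r"^\s*#?\s*(?:alert|log|pass|drop|reject|sdrop)\s")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def sids_in(rules_text):
    """Return the set of SIDs defined in one ruleset's text."""
    sids = set()
    for line in rules_text.splitlines():
        if RULE_RE.match(line):
            m = SID_RE.search(line)
            if m:
                sids.add(int(m.group(1)))
    return sids

def duplicate_sids(rulesets):
    """Map each SID found in more than one ruleset to the rulesets holding it."""
    owners = {}
    for name, text in rulesets.items():
        for sid in sids_in(text):
            owners.setdefault(sid, []).append(name)
    return {sid: sorted(names) for sid, names in owners.items() if len(names) > 1}

def split_by_gpl_range(dups):
    """Separate duplicates explained by the shared GPL sigs from the rest."""
    gpl = sorted(s for s in dups if s <= GPL_SID_MAX)
    other = sorted(s for s in dups if s > GPL_SID_MAX)
    return gpl, other

# Constructed sample rules (not real VRT or ET content).
VRT = """\
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000; rev:3;)
# alert tcp any any -> any 21 (msg:"constructed B"; content:"b"; sid:2000; rev:1;)
alert tcp any any -> any 25 (msg:"constructed C"; content:"c"; sid:15000; rev:1;)
"""
ET_OPEN = """\
alert tcp any any -> any 80 (msg:"constructed A"; content:"a"; sid:1000; rev:3;)
alert tcp any any -> any 21 (msg:"constructed B"; content:"b"; sid: 2000; rev:1;)
alert tcp any any -> any 53 (msg:"constructed D"; content:"d"; sid:2009999; rev:1;)
"""
ET_NOGPL = """\
alert tcp any any -> any 53 (msg:"constructed D"; content:"d"; sid:2009999; rev:1;)
"""

if __name__ == "__main__":
    for label, et in (("open", ET_OPEN), ("open-nogpl", ET_NOGPL)):
        gpl, other = split_by_gpl_range(duplicate_sids({"vrt": VRT, "et": et}))
        print(f"VRT + ET {label}: GPL-range duplicates {gpl}, others {other}")
```

Any SID reported outside the GPL range is not explained by the overlap described in the thread and needs a separate look.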