Snort mailing list archives

Unsubscribe


From: "Richard Tyrrell" <Richard.Tyrrell () acs-inc com>
Date: Wed, 8 Jun 2011 08:13:20 +0100

Can you please remove me from the mailing list.

Thanks Richard


Richard Tyrrell
Senior Technical Consultant
Affiliated Computer Services Inc.
A Xerox Company
Hortonwood 37
Telford
Shropshire
TF1 7GT

DDI 01952 607010
Office 01952 607000

www.acs-ito.co.uk








snort-sigs-request () lists sourceforge net 
07/06/2011 20:55
Please respond to
snort-sigs () lists sourceforge net


To
snort-sigs () lists sourceforge net
cc

Subject
Snort-sigs Digest, Vol 61, Issue 1






Send Snort-sigs mailing list submissions to
                 snort-sigs () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
                 https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
                 snort-sigs-request () lists sourceforge net

You can reach the person managing the list at
                 snort-sigs-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."


Today's Topics:

   1. Re: Son Benjamin invites you to use Boxbe (Joel Esler)
   2. Sourcefire VRT Certified Snort Rules Update 2011-05-26 (Research)
   3. Re: [Snort-users] Detecting cross reference at DNS
      decompression by a snort rule (fwd) (rmkml)
   4. Sourcefire VRT Certified Snort Rules Update 2011-05-31 (Research)
   5. Sourcefire VRT Certified Snort Rules Update 2011-06-02 (Research)
   6. Sourcefire VRT Certified Snort Rules Update 2011-06-07 (Research)


----------------------------------------------------------------------

Message: 1
Date: Tue, 24 May 2011 18:10:47 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: Re: [Snort-sigs] Son Benjamin invites you to use Boxbe
To: "Randal T. Rioux" <randy () procyonlabs com>
Cc: Son Benjamin <yjson78 () gmail com>,
                 snort-sigs () lists sourceforge net,
                 Son Benjamin <invitations () boxbe com>
Message-ID: <BANLkTimN4UscuDyJ=8CPU7REL4TVLNe8kA () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Son,

You too have been unsubscribed

On Tue, May 24, 2011 at 5:58 PM, Randal T. Rioux <randy () procyonlabs com> wrote:

May 16 jagged Enron executives use Uranus as lubricant to get soiled
diapers out of weasels after applying Preparation H to your delicious
light saber.

On 5/9/2011 3:31 AM, Son Benjamin wrote:
Boxbe | Contact Request

I'm inviting you to join Boxbe.

-Son

Here's the link:

https://www.boxbe.com/register?tc=7957261491_1329550994


This message was sent at the request of yjson78 () gmail com. If you would
like to opt-out of Boxbe invitations, click here
<https://www.boxbe.com/unsubscribe?email=snort-sigs () lists sourceforge net&tc=7957261491_1329550994>.

Boxbe, Inc. | 2390 Chestnut Street #201 | San Francisco, CA 94123



_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


------------------------------

Message: 2
Date: Thu, 26 May 2011 14:46:05 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
                 2011-05-26
To: snort-sigs () lists sourceforge net
Message-ID: <20110526184605.7C2616CC198 () sourcefire com>


* PGP Signed by an unknown key


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
botnet-cnc, dos, exploit, netbios, phishing-spam, policy, scan, snmp,
specific-threats, spyware-put, web-activex, web-client and x11 rule
sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-05-26.html

* Unknown Key
* 0x15497F03(L)





------------------------------

Message: 3
Date: Fri, 27 May 2011 18:08:06 +0200 (CEST)
From: rmkml <rmkml () yahoo fr>
Subject: Re: [Snort-sigs] [Snort-users] Detecting cross reference at
                 DNS decompression by a snort rule (fwd)
To: snort-sigs () lists sourceforge net
Message-ID: <alpine.LFD.2.01.1105271807520.2077@lenovo.localdomain>
Content-Type: text/plain; charset="utf-8"

FYI


---------- Forwarded message ----------
Date: Fri, 27 May 2011 12:18:35 +0200 (CEST)
From: rmkml <rmkml () yahoo fr>
To: anvari85 () gmail com
Cc: snort-users () lists sourceforge net, rmkml () yahoo fr
Subject: Re: [Snort-users] Detecting cross reference at DNS decompression
     by a snort rule

Hi anvari85,
Yes, it's a dns compression loop DoS...
The dns query "starts" with compressed bytes (\xc0\x0e) at \xc0\x0c, and at
\xc0\x0e it contains compressed bytes (\xc0\x0c): loop!
A dns query never starts with compressed bytes... (comments are welcome)

Note, snort v2905 alerts on zlip-2.pcap:
   04/11-19:48:09.550140  [**] [116:98:1] (snort_decoder) WARNING: Long UDP packet, length field < payload length [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 10.0.0.1:0 -> 146.84.28.88:0
Regards
Rmkml


On Fri, 27 May 2011, ???? ?????? wrote:

Hello. I want to write a snort rule to detect DNS exploit as a result of
endless cross referencing in DNS compression message. Especially, I mean
zlip-2.pcap packet (zlip-2.pcap).
Can somebody help me?
Thanks.



------------------------------

Message: 4
Date: Tue, 31 May 2011 15:00:14 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
                 2011-05-31
To: snort-sigs () lists sourceforge net
Message-ID: <20110531190014.BCC016CC14A () sourcefire com>


* PGP Signed by an unknown key


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, botnet-cnc, dos, multimedia, oracle and web-client rule sets
to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-05-31.html

* Unknown Key
* 0x15497F03(L)





------------------------------

Message: 5
Date: Thu,  2 Jun 2011 16:44:18 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
                 2011-06-02
To: snort-sigs () lists sourceforge net
Message-ID: <20110602204418.12FEE6CC1AE () sourcefire com>


* PGP Signed by an unknown key


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
backdoor, dos, exploit, netbios, policy, specific-threats, web-activex
and web-misc rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-06-02.html

* Unknown Key
* 0x15497F03(L)





------------------------------

Message: 6
Date: Tue,  7 Jun 2011 15:50:40 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
                 2011-06-07
To: snort-sigs () lists sourceforge net
Message-ID: <20110607195040.7A45C6CC09D () sourcefire com>


* PGP Signed by an unknown key


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, botnet-cnc, exploit, netbios, oracle, policy, rpc,
specific-threats and web-misc rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-06-07.html

* Unknown Key
* 0x15497F03(L)





------------------------------


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


End of Snort-sigs Digest, Vol 61, Issue 1
*****************************************

______________________________________________________________________
This inbound email has been scanned by the MessageLabs Email Security 
System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________


