Snort mailing list archives
Unsubscribe
From: "Richard Tyrrell" <Richard.Tyrrell () acs-inc com>
Date: Wed, 8 Jun 2011 08:13:20 +0100
Can you please remove me from the mailing list.

Thanks
Richard

Richard Tyrrell
Senior Technical Consultant
Affiliated Computer Services Inc.
A Xerox Company
Hortonwood 37
Telford
Shropshire
TF1 7GT
DDI 01952 607010
Office 01952 607000
www.acs-ito.co.uk

snort-sigs-request () lists sourceforge net
07/06/2011 20:55
Please respond to snort-sigs () lists sourceforge net
To snort-sigs () lists sourceforge net
cc
Subject Snort-sigs Digest, Vol 61, Issue 1

Send Snort-sigs mailing list submissions to
snort-sigs () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
snort-sigs-request () lists sourceforge net

You can reach the person managing the list at
snort-sigs-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-sigs digest..."

Today's Topics:

1. Re: Son Benjamin invites you to use Boxbe (Joel Esler)
2. Sourcefire VRT Certified Snort Rules Update 2011-05-26 (Research)
3. Re: [Snort-users] Detecting cross reference at DNS decompression by a snort rule (fwd) (rmkml)
4. Sourcefire VRT Certified Snort Rules Update 2011-05-31 (Research)
5. Sourcefire VRT Certified Snort Rules Update 2011-06-02 (Research)
6. Sourcefire VRT Certified Snort Rules Update 2011-06-07 (Research)

----------------------------------------------------------------------

Message: 1
Date: Tue, 24 May 2011 18:10:47 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: Re: [Snort-sigs] Son Benjamin invites you to use Boxbe
To: "Randal T. Rioux" <randy () procyonlabs com>
Cc: Son Benjamin <yjson78 () gmail com>, snort-sigs () lists sourceforge net, Son Benjamin <invitations () boxbe com>
Message-ID: <BANLkTimN4UscuDyJ=8CPU7REL4TVLNe8kA () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Son,

You too have been unsubscribed

On Tue, May 24, 2011 at 5:58 PM, Randal T. Rioux <randy () procyonlabs com> wrote:
May 16 jagged Enron executives use Uranus as lubricant to get soiled diapers out of weasels after applying Preparation H to your delicious light saber.

On 5/9/2011 3:31 AM, Son Benjamin wrote:

Boxbe | Contact Request

I'm inviting you to join Boxbe.

-Son

Here's the link: https://www.boxbe.com/register?tc=7957261491_1329550994

This message was sent at the request of yjson78 () gmail com. If you would like to opt-out of Boxbe invitations, click here <https://www.boxbe.com/unsubscribe?email=snort-sigs () lists sourceforge net&tc=7957261491_1329550994>.

Boxbe, Inc. | 2390 Chestnut Street #201 | San Francisco, CA 94123
------------------------------------------------------------------------------
vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now.
http://p.sf.net/sfu/quest-d2dcopy1
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Thu, 26 May 2011 14:46:05 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-05-26
To: snort-sigs () lists sourceforge net
Message-ID: <20110526184605.7C2616CC198 () sourcefire com>

* PGP Signed by an unknown key

Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the botnet-cnc, dos, exploit, netbios, phishing-spam, policy, scan, snmp, specific-threats, spyware-put, web-activex, web-client and x11 rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-05-26.html

* Unknown Key
* 0x15497F03(L)

------------------------------

Message: 3
Date: Fri, 27 May 2011 18:08:06 +0200 (CEST)
From: rmkml <rmkml () yahoo fr>
Subject: Re: [Snort-sigs] [Snort-users] Detecting cross reference at DNS decompression by a snort rule (fwd)
To: snort-sigs () lists sourceforge net
Message-ID: <alpine.LFD.2.01.1105271807520.2077@lenovo.localdomain>
Content-Type: text/plain; charset="utf-8"

FYI

---------- Forwarded message ----------
Date: Fri, 27 May 2011 12:18:35 +0200 (CEST)
From: rmkml <rmkml () yahoo fr>
To: anvari85 () gmail com
Cc: snort-users () lists sourceforge net, rmkml () yahoo fr
Subject: Re: [Snort-users] Detecting cross reference at DNS decompression by a snort rule

Hi anvari85,

Yes, it's a dns compression loop DoS...
dns query "start" with compressed bytes (\xc0\x0e) at \xc0\x0c, at \xc0\x0e contains compressed bytes (\xc0\x0c): loop!
a dns query never starts with compressed bytes...
(comments are welcome)

Note, snort v2905 alert on zlip-2.pcap:
04/11-19:48:09.550140 [**] [116:98:1] (snort_decoder) WARNING: Long UDP packet, length field < payload length [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 10.0.0.1:0 -> 146.84.28.88:0

Regards
Rmkml

On Fri, 27 May 2011, ???? ?????? wrote:

Hello. I want to write a snort rule to detect DNS exploit as a result of endless cross referencing in DNS compression message. Especially, I mean zlip-2.pcap packet (zlip-2.pcap).
Can somebody help me? Thanks.
------------------------------

Message: 4
Date: Tue, 31 May 2011 15:00:14 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-05-31
To: snort-sigs () lists sourceforge net
Message-ID: <20110531190014.BCC016CC14A () sourcefire com>

* PGP Signed by an unknown key

Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the blacklist, botnet-cnc, dos, multimedia, oracle and web-client rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-05-31.html

* Unknown Key
* 0x15497F03(L)

------------------------------

Message: 5
Date: Thu, 2 Jun 2011 16:44:18 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-06-02
To: snort-sigs () lists sourceforge net
Message-ID: <20110602204418.12FEE6CC1AE () sourcefire com>

* PGP Signed by an unknown key

Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the backdoor, dos, exploit, netbios, policy, specific-threats, web-activex and web-misc rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-06-02.html

* Unknown Key
* 0x15497F03(L)

------------------------------

Message: 6
Date: Tue, 7 Jun 2011 15:50:40 -0400 (EDT)
From: Research <research () sourcefire com>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2011-06-07
To: snort-sigs () lists sourceforge net
Message-ID: <20110607195040.7A45C6CC09D () sourcefire com>

* PGP Signed by an unknown key

Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the blacklist, botnet-cnc, exploit, netbios, oracle, policy, rpc, specific-threats and web-misc rule sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:
http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-06-07.html

* Unknown Key
* 0x15497F03(L)

------------------------------

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev

------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

End of Snort-sigs Digest, Vol 61, Issue 1
*****************************************

______________________________________________________________________
This inbound email has been scanned by the MessageLabs Email Security System.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org
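The DNS compression loop that rmkml describes in Message 3 of the quoted digest, as an added example that is not part of the original e-mail or of Snort: a name decoder that records every offset it visits and reports a pointer cycle instead of following it. The sample packets are constructed from the byte values quoted in that message, not taken from zlip-2.pcap, and the function and class names are illustrative.

```python
import struct

class DnsNameError(ValueError):
    """The name could not be decoded safely."""

class DnsCompressionLoop(DnsNameError):
    """A compression pointer led back to an offset already visited."""

def read_name(msg: bytes, offset: int) -> str:
    """Decode the name at `offset`, following RFC 1035 compression pointers."""
    labels, seen = [], set()
    while True:
        # Each offset may be visited once; a second visit means a cycle.
        if offset in seen:
            raise DnsCompressionLoop(f"pointer cycle at offset {offset:#04x}")
        seen.add(offset)
        if offset >= len(msg):
            raise DnsNameError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer: 11 + 14-bit offset
            if offset + 1 >= len(msg):
                raise DnsNameError("truncated compression pointer")
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
        elif length & 0xC0:  # 01/10 prefixes are not plain labels
            raise DnsNameError("unsupported label type")
        elif length == 0:  # root label terminates the name
            return ".".join(labels) or "."
        else:
            label = msg[offset + 1 : offset + 1 + length]
            if len(label) != length:
                raise DnsNameError("truncated label")
            labels.append(label.decode("ascii", "replace"))
            offset += 1 + length

def question_has_loop(msg: bytes) -> bool:
    """True if the first question name (at offset 0x0c) contains a pointer cycle."""
    try:
        read_name(msg, 12)
    except DnsNameError as exc:
        return isinstance(exc, DnsCompressionLoop)
    return False

# Constructed samples, built from the byte values quoted in the message
# (not extracted from zlip-2.pcap). Header: ID, flags, QDCOUNT=1, rest 0.
HEADER = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
LOOP_QUERY = HEADER + b"\xc0\x0e\xc0\x0c"  # 0x0c -> 0x0e -> 0x0c
GOOD_QUERY = HEADER + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
```
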
Current thread:
- Unsubscribe go95 (May 18)
- Re: Unsubscribe Randal T. Rioux (May 24)
- Re: Unsubscribe Joel Esler (May 24)
- <Possible follow-ups>
- Unsubscribe Richard Tyrrell (Jun 08)
- Re: Unsubscribe Jamie Riden (Jun 08)
- Re: Unsubscribe Joel Esler (Jun 08)
- Re: Unsubscribe Jamie Riden (Jun 08)