Snort mailing list archives
Re: Current rules
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 31 Oct 2012 12:03:36 -0400
The official list: app-detect.rules attack-responses.rules backdoor.rules bad-traffic.rules blacklist.rules botnet-cnc.rules browser-chrome.rules browser-firefox.rules browser-ie.rules browser-other.rules browser-plugins.rules browser-webkit.rules chat.rules content-replace.rules ddos.rules deleted.rules dns.rules dos.rules experimental.rules exploit-kit.rules exploit.rules file-executable.rules file-flash.rules file-identify.rules file-image.rules file-multimedia.rules file-office.rules file-other.rules file-pdf.rules finger.rules ftp.rules icmp-info.rules icmp.rules imap.rules indicator-compromise.rules indicator-obfuscation.rules indicator-shellcode.rules info.rules local.rules malware-backdoor.rules malware-cnc.rules malware-other.rules malware-tools.rules misc.rules multimedia.rules mysql.rules netbios.rules nntp.rules oracle.rules os-linux.rules os-other.rules os-solaris.rules os-windows.rules other-ids.rules p2p.rules phishing-spam.rules policy-multimedia.rules policy-other.rules policy.rules policy-social.rules policy-spam.rules pop2.rules pop3.rules protocol-finger.rules protocol-ftp.rules protocol-icmp.rules protocol-imap.rules protocol-pop.rules protocol-services.rules protocol-voip.rules pua-adware.rules pua-other.rules pua-p2p.rules pua-toolbars.rules rpc.rules rservices.rules scada.rules scan.rules server-apache.rules server-iis.rules server-mail.rules server-mssql.rules server-mysql.rules server-oracle.rules server-other.rules server-webapp.rules shellcode.rules smtp.rules snmp.rules specific-threats.rules spyware-put.rules sql.rules telnet.rules tftp.rules virus.rules voip.rules web-activex.rules web-attacks.rules web-cgi.rules web-client.rules web-coldfusion.rules web-frontpage.rules web-iis.rules web-misc.rules web-php.rules x11.rules However, some of those are now empty. attack-responses.rules backdoor.rules bad-traffic.rules botnet-cnc.rules chat.rules ddos.rules finger.rules ftp.rules icmp.rules imap.rules info.rules misc.rules multimedia.rules mysql.rules oracle.rules other-ids.rules p2p.rules phishing-spam.rules policy.rules pop2.rules pop3.rules rservices.rules shellcode.rules smtp.rules virus.rules voip.rules web-activex.rules web-attacks.rules web-cgi.rules web-coldfusion.rules web-iis.rules web-misc.rules web-php.rules On Wed, Oct 31, 2012 at 11:35 AM, James Lay <jlay () slave-tothe-box net>wrote:
Team, As the recategorization takes place, I wanted to ask about the current list of rulesets that have rules in them. So far this is what I have: app-detect.rules blacklist.rules botnet-cnc.rules browser-chrome.rules browser-firefox.rules browser-ie.rules browser-other.rules browser-plugins.rules browser-webkit.rules content-replace.rules deleted.rules dns.rules dos.rules exploit-kit.rules exploit.rules exploit.rules## file-executable.rules file-flash.rules file-identify.rules file-image.rules file-multimedia.rules file-office.rules file-other.rules file-pdf.rules icmp-info.rules indicator-compromise.rules indicator-obfuscation.rules indicator-shellcode.rules malware-backdoor.rules malware-cnc.rules malware-other.rules malware-tools.rules misc.rules netbios.rules nntp.rules os-linux.rules os-other.rules os-solaris.rules os-windows.rules policy-multimedia.rules policy-other.rules policy-social.rules policy-spam.rules protocol-finger.rules protocol-ftp.rules protocol-icmp.rules protocol-imap.rules protocol-pop.rules protocol-services.rules protocol-voip.rules pua-adware.rules pua-other.rules pua-p2p.rules pua-toolbars.rules rpc.rules scada.rules scan.rules server-apache.rules server-iis.rules server-mail.rules server-mssql.rules server-mysql.rules server-oracle.rules server-other.rules server-webapp.rules snmp.rules specific-threats.rules spyware-put.rules sql.rules telnet.rules tftp.rules web-client.rules web-frontpage.rules web-misc.rules x11.rules Does anyone know if this is the full list? Am I missing anything? Thank you. James ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
-- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Current rules James Lay (Oct 31)
- Re: Current rules Joel Esler (Oct 31)
- Re: Current rules James Lay (Oct 31)
- Re: Current rules Joel Esler (Oct 31)
- Re: Current rules James Lay (Oct 31)
- Re: Current rules Joel Esler (Oct 31)