Snort mailing list archives
Re: Snort-users Digest, Vol 106, Issue 55
From: Jerry Jarreau <jarreau69 () gmail com>
Date: Sat, 21 Mar 2015 12:39:15 -0500
unsubscribe On Sat, Mar 21, 2015 at 7:00 AM, <snort-users-request () lists sourceforge net> wrote:
Send Snort-users mailing list submissions to snort-users () lists sourceforge net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/snort-users or, via email, send a message with subject or body 'help' to snort-users-request () lists sourceforge net You can reach the person managing the list at snort-users-owner () lists sourceforge net When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..." When responding, please don't respond with the entire Digest. Please trim your response. Today's Topics: 1. Need an efficient way to generate rules for URL Filtering (Rishabh Shah) 2. ET POLICY Vulnerable Java Version 1.8.x Detected (Jonathon Elwood) ---------------------------------------------------------------------- Message: 1 Date: Fri, 20 Mar 2015 17:35:04 +0530 From: Rishabh Shah <rishabh420 () gmail com> Subject: [Snort-users] Need an efficient way to generate rules for URL Filtering To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net> Message-ID: <CA+bv3PNV7kuJpP+prjRYWgC6_YXztzCp7K8ZUzN-fe+jD_b= ug () mail gmail com> Content-Type: text/plain; charset="utf-8" Hi Snort Team, Hope you are doing well. I have a database of 1000 URLs that I want to block using Snort. Do I need to create 1000 separate rules to block each of them? Wouldn't there be a performance hit if I have a separate rule for each one of them(consider my database increases to 10K URLs)? Any alternatives that could achieve my aim? FYI, this is how my rule looks today: reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com "; http_uri; react: msg;) -- Regards, Rishabh Shah. -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ Message: 2 Date: Fri, 20 Mar 2015 19:38:42 -0400 From: Jonathon Elwood <jaelwood () gmail com> Subject: [Snort-users] ET POLICY Vulnerable Java Version 1.8.x Detected To: snort-users () lists sourceforge net Message-ID: < CAMZEdsmXrVRS1z4ufAjnOONGCJrJKH6R+ELC5nwTTvOUUSmwOg () mail gmail com> Content-Type: text/plain; charset="utf-8" I'm running snort version 2.9.7.0 pkg v3.2.3 (this is pfsense version 2.2.1). I'm getting an alert for some of my machines that have Java installed (ET POLICY Vulnerable Java Version 1.8.x Detected). These are Windows 8.1 machines and I verified that I have the latest version of Java. Java version "1.8.0_40" Java(TM) SE Runtime Environment (build 1.8.0_40-b26) Any idea why snort would trigger this alert with this version of Java? -------------- next part -------------- An HTML attachment was scrubbed... ------------------------------ ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-users End of Snort-users Digest, Vol 106, Issue 55 ********************************************
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Snort-users Digest, Vol 106, Issue 55 Jerry Jarreau (Mar 21)