Snort mailing list archives

Re: Snort-users Digest, Vol 106, Issue 55


From: Jerry Jarreau <jarreau69 () gmail com>
Date: Sat, 21 Mar 2015 12:39:15 -0500

unsubscribe

On Sat, Mar 21, 2015 at 7:00 AM, <snort-users-request () lists sourceforge net>
wrote:

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


When responding, please don't respond with the entire Digest.  Please trim
your response.

Today's Topics:

   1. Need an efficient way to generate rules for URL Filtering
      (Rishabh Shah)
   2. ET POLICY Vulnerable Java Version 1.8.x Detected (Jonathon Elwood)


----------------------------------------------------------------------

Message: 1
Date: Fri, 20 Mar 2015 17:35:04 +0530
From: Rishabh Shah <rishabh420 () gmail com>
Subject: [Snort-users] Need an efficient way to generate rules for URL
        Filtering
To: "snort-users () lists sourceforge net"
        <snort-users () lists sourceforge net>
Message-ID:
        <CA+bv3PNV7kuJpP+prjRYWgC6_YXztzCp7K8ZUzN-fe+jD_b=ug () mail gmail com>
Content-Type: text/plain; charset="utf-8"

Hi Snort Team,

Hope you are doing well.

I have a database of 1000 URLs that I want to block using Snort. Do I need
to create 1000 separate rules to block each of them? Wouldn't there be a
performance hit if I have a separate rule for each one of them (consider my
database increases to 10K URLs)? Any alternatives that could achieve my
aim?

FYI, this is how my rule looks today:
reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com"; http_uri; react: msg;)

--
Regards,
Rishabh Shah.

------------------------------

Message: 2
Date: Fri, 20 Mar 2015 19:38:42 -0400
From: Jonathon Elwood <jaelwood () gmail com>
Subject: [Snort-users] ET POLICY Vulnerable Java Version 1.8.x
        Detected
To: snort-users () lists sourceforge net
Message-ID:
        <CAMZEdsmXrVRS1z4ufAjnOONGCJrJKH6R+ELC5nwTTvOUUSmwOg () mail gmail com>
Content-Type: text/plain; charset="utf-8"

I'm running snort version 2.9.7.0 pkg v3.2.3 (this is pfsense version
2.2.1).

I'm getting an alert for some of my machines that have Java installed (ET
POLICY Vulnerable Java Version 1.8.x Detected).  These are Windows 8.1
machines and I verified that I have the latest version of Java.  Java
version "1.8.0_40" Java(TM) SE Runtime Environment (build 1.8.0_40-b26)

Any idea why snort would trigger this alert with this version of Java?

------------------------------


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest, Vol 106, Issue 55
********************************************
