Snort mailing list archives

Re: Snort-sigs Digest, Vol 116, Issue 4


From: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Date: Mon, 11 Jan 2016 18:30:32 -0500

Awesome. Thank you very much.

You guys need an intern? I work in IT but I'm not a security expert.

Any suggestions on how to make a firewall secure?

-Vaughn

On Mon, Jan 11, 2016 at 3:46 PM, <snort-sigs-request () lists sourceforge net>
wrote:

Send Snort-sigs mailing list submissions to
        snort-sigs () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
        snort-sigs-request () lists sourceforge net

You can reach the person managing the list at
        snort-sigs-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."


Today's Topics:

   1. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))
   2. Re: Security Ruleset - CVSS Level (Joel Esler (jesler))


----------------------------------------------------------------------

Message: 1
Date: Mon, 11 Jan 2016 20:42:05 +0000
From: "Joel Esler (jesler)" <jesler () cisco com>
Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
To: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Cc: "snort-sigs () lists sourceforge net"
        <snort-sigs () lists sourceforge net>
Message-ID: <39C4CFC8-E76D-452A-BB5A-6F523A70C907 () cisco com>
Content-Type: text/plain; charset="us-ascii"

Vaughn,

It appears we've isolated the issue.  It would be fixed shortly.  Thank
you for bringing this to our attention.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone

On Jan 9, 2016, at 8:40 PM, Joel Esler (jesler) <jesler () cisco com> wrote:

Vaughn,

Thanks for writing in.

So, there could be a couple things going on here, and I may have to get
with the Meraki team to diagnose the problem.

First off, if we take a look at the ruleset:
https://www.snort.org/advisories/talos-rules-2016-01-07

You can see the "enabled"/"disabled" state of the ruleset as shipped.
Now, that means "Balanced".  So if it's on in Balanced, it's on in
Security, as the more stringent rulesets also contain the lighter ruleset
states, and sometimes make them "harsher".

That all being said, the Meraki device is a unique type of appliance.  You
select the policy you want to run, and the system takes care of it for you.

So, there will be a couple things we'll have to diagnose here, and none of
which you need to do.  I'll coordinate with the Meraki team to figure out
what needs to be done.  Off the top of my head, it could be several things.

I'll follow up once I touch base with them.

Sent from my iPad

On Jan 9, 2016, at 8:34 PM, Vaughn A. Hart <vaughn () aegisitnyc com> wrote:

Hi Folks,

I am confused about the security ruleset setting in Snort. I am using a
third-party vendor (Cisco Meraki) and it seems that they haven't released a
Security/Snort ruleset update to their MX security appliances because there
have been no matching Snort signature releases that match the Security
Ruleset CVSS criteria. This seems confusing to me, as there have been
Microsoft, Adobe and Apple Snort signatures since the 4th of December 2015
that are a CVSS of 6 and higher. Or am I mistaken?

If anyone is running the Security Ruleset in Snort (standalone), have you
gotten an update? And can someone explain this to me, because what I see
from US-CERT and the Talos releases seems to indicate that there should be
an update.

Thanks!

--

-V

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

------------------------------

Message: 2
Date: Mon, 11 Jan 2016 20:46:25 +0000
From: "Joel Esler (jesler)" <jesler () cisco com>
Subject: Re: [Snort-sigs] Security Ruleset - CVSS Level
To: "Vaughn A. Hart" <vaughn () aegisitnyc com>
Cc: "snort-sigs () lists sourceforge net"
        <snort-sigs () lists sourceforge net>
Message-ID: <105DE119-2F0F-410E-A6B2-6781B11B7CA3 () cisco com>
Content-Type: text/plain; charset="us-ascii"

It will*. Sorry. Keyboard got me.

--
Joel Esler
Manager, Talos Group
Sent from my iPhone


------------------------------



------------------------------


End of Snort-sigs Digest, Vol 116, Issue 4
******************************************




-- 


Vaughn A. Hart
Manager
Aegis IT, LLC
646-284-4291
vaughn () aegisitnyc com
http://www.aegisitnyc.com
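The nesting Joel describes in the quoted reply (a rule enabled in Balanced is also enabled in Security, and the rule file as shipped reflects the Balanced state) can be checked mechanically from the `policy` entries in each rule's `metadata` keyword. The checker below is an added example, not code from the thread, from Talos or from Meraki; the rules it parses are constructed, and it assumes that a rule commented out with `# ` is shipped disabled and that absence of a `policy <name> ...` entry means the rule is off in that policy.

```python
import re

# Constructed sample rules in Snort 2 syntax (SIDs, messages and content are
# made up). A leading "# " marks a rule shipped disabled, as Talos rule files do.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE smb probe"; flow:to_server,established; content:"|FF|SMB"; metadata:policy balanced-ips drop, policy security-ips drop, service netbios-ssn; sid:9000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"EXAMPLE http probe"; flow:to_server,established; content:"GET"; metadata:policy security-ips drop, service http; sid:9000002; rev:2;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE beacon"; flow:to_server,established; content:"x"; metadata:policy connectivity-ips drop, policy balanced-ips drop, policy security-ips drop; sid:9000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE dns oddity"; content:"y"; metadata:policy balanced-ips alert; sid:9000004; rev:1;)
'''

# Lightest to strictest; each is expected to contain everything the one before it enables.
POLICIES = ("connectivity-ips", "balanced-ips", "security-ips")

def parse_rules(text):
    """Return {sid: {"msg", "shipped_enabled", "policies": {policy: action}}}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        sid = re.search(r"\bsid:(\d+);", line)
        msg = re.search(r'msg:"([^"]*)"', line)
        if not (sid and msg):
            continue                      # blank line or a pure comment
        policies = {}
        meta = re.search(r"metadata:([^;]*);", line)
        for item in (meta.group(1).split(",") if meta else []):
            m = re.match(r"\s*policy\s+(\S+)\s+(\S+)", item)
            if m:
                policies[m.group(1)] = m.group(2)
        rules[int(sid.group(1))] = {"msg": msg.group(1),
                                   "shipped_enabled": not line.startswith("#"),
                                   "policies": policies}
    return rules

def nesting_violations(rules):
    """SIDs set in a lighter policy but missing from the next stricter one."""
    return sorted(sid for sid, r in rules.items()
                  if any(a in r["policies"] and b not in r["policies"]
                         for a, b in zip(POLICIES, POLICIES[1:])))

def security_only(rules):
    """SIDs shipped off (Balanced default) that the Security policy would turn on."""
    return sorted(sid for sid, r in rules.items()
                  if "security-ips" in r["policies"] and not r["shipped_enabled"])

def shipped_vs_balanced_mismatch(rules):
    """SIDs whose shipped on/off state disagrees with whether balanced-ips is set."""
    return sorted(sid for sid, r in rules.items()
                  if r["shipped_enabled"] != ("balanced-ips" in r["policies"]))
```

Run against a real `.rules` file, `security_only` lists exactly the rules an appliance would gain by moving from the Balanced to the Security policy, and a non-empty `nesting_violations` result is a rule that contradicts the nesting stated above.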
