Snort mailing list archives

arachnids_upd v0.3


From: Andreas Östling <andreaso () it su se>
Date: Tue, 8 May 2001 21:43:26 +0200 (CEST)


Hello!
I've put up version 0.3 of my little arachNIDS Snort rules updater at
http://nitzer.dhs.org/arachnids_upd/

It now has much more easy-to-read output of the rule changes.
For example, it may look something like this:

...
[+++]     Added (new):     [+++]
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)


And the next update:

...
[///]   Modified active:   [///]
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: A+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: A+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: A+; content: ".printer"; nocase;)



Regards,
Andreas Östling
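
Added example, not part of the original post and not arachnids_upd's own code: the Python below diffs two rule snapshots option by option, so a reviewer of the "Modified active" output above sees directly that only `flags` changed (P+ to A+) before deploying the update. It assumes every rule carries a `msg` option; all function names are hypothetical, and OLD/NEW are constructed from the rules quoted in the post.

```python
# Added example: option-level diff of two Snort rule snapshots.
# OLD and NEW are constructed samples built from the rules quoted in the post.
OLD = (
    'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";'
    'flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)\n'
    'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";'
    'flags: P+; content: ".printer"; nocase;)\n'
)
NEW = OLD.replace("flags: P+", "flags: A+") + (
    'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";'
    'flags: A+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)\n'
)

def split_options(body):
    """Split a rule's option body on ';', ignoring ';' inside double quotes."""
    parts, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return [p for p in parts if p]

def parse_rule(line):
    """Return (msg, fields); fields maps 'header' and each option key to its values."""
    header, _, rest = line.partition("(")
    fields = {"header": [" ".join(header.split())]}
    for opt in split_options(rest[:rest.rindex(")")]):
        key, _, val = opt.partition(":")
        fields.setdefault(key.strip(), []).append(val.strip())
    return fields["msg"][0].strip('"'), fields  # assumption: msg is always present

def load(text):
    """Parse a rules file into {msg: fields}, skipping blanks and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(parse_rule(l) for l in lines if l and not l.startswith("#"))

def diff_rules(old_text, new_text):
    """Report added/removed rules and, for modified ones, which fields changed."""
    old, new = load(old_text), load(new_text)
    modified = {}
    for msg in old.keys() & new.keys():
        keys = old[msg].keys() | new[msg].keys()
        changed = {k: (old[msg].get(k), new[msg].get(k))
                   for k in keys if old[msg].get(k) != new[msg].get(k)}
        if changed:
            modified[msg] = changed
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()), "modified": modified}
```

Calling `diff_rules(OLD, NEW)` returns the added and removed rule names plus, per modified rule, a map of each changed field to its old and new values.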


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net