Snort mailing list archives

Re: instant snort sigs for new vulnerabilities


From: twig les <twigles () yahoo com>
Date: Mon, 1 Jul 2002 15:01:38 -0700 (PDT)

That's a good idea for a quick script that I should have had done months ago.  As soon as I put out the latest mystery fire I'll see if I can get a reasonable little Lynx-based cronjob.


--- Steve McGhee <stevem () lmri ucsb edu> wrote:
with all the fuss lately over the new apache worm, etc, i'd like to know if my machine is getting hit (it's patched, just being curious). i know about mod_blowchunks, but i'm looking for something more general..

it seems to me that snort could see these attacks pretty easily.

is there a tool/method out there that will retrieve the *latest* snort signatures automatically? for those of us not running snort via CVS, i'd like a way to do something like cvsup, but _only_ update my ruleset every night or whatever.

i cc: the freebsd team as this might be a cool (simple) port. (something like /usr/ports/security/snort-signatures)

this could be helpful to people who are just curious, or maybe could provide some good numbers to shock lazy sysadmins into actually patching their machines.

..of course, this is all assuming there's someone out there writing signatures  ;)

--
-steve

Steve McGhee
Systems Administrator
Linguistic Minority Research Institute
UC Santa Barbara
phone: (805)893-2683
email: stevem () lmri ucsb edu



=====
-----------------------------------------------------------
Only fools have all the answers.
-----------------------------------------------------------

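The nightly ruleset refresh discussed in this thread, as an added example that is not code from either poster or from the Snort project: it installs a downloaded ruleset only if its SHA-256 digest matches, then self-tests and rolls back on failure. The URLs, paths, the published .sha256 file and the use of `snort -T` as the check are assumptions.

```shell
#!/bin/sh
# Added example: install a downloaded Snort ruleset only after it verifies.
# URLs and paths below are placeholders (assumptions), not real endpoints.
RULES_URL="${RULES_URL:-https://rules.example.invalid/snort-rules.tar.gz}"
SUM_URL="${SUM_URL:-$RULES_URL.sha256}"
RULES_DIR="${RULES_DIR:-/usr/local/etc/snort/rules}"
# Post-install check; assumed default is Snort's self-test mode (-T).
CHECK_CMD="${CHECK_CMD:-snort -T -c /usr/local/etc/snort/snort.conf}"

# verify_digest FILE HEX: succeed only if FILE's SHA-256 equals HEX.
verify_digest() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# install_rules TARBALL HEX DEST: verify, stage, swap, self-test, roll back.
install_rules() {
    tarball=$1 want=$2 dest=$3
    verify_digest "$tarball" "$want" ||
        { echo "digest mismatch, keeping old rules" >&2; return 1; }
    # Refuse archives whose members use absolute or ../ paths.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2; return 1
    fi
    stage=$(mktemp -d "$dest.new.XXXXXX") || return 1
    tar -xzf "$tarball" -C "$stage" || { rm -rf "$stage"; return 1; }
    chmod 755 "$stage"
    rm -rf "$dest.old"
    if [ -d "$dest" ]; then mv "$dest" "$dest.old"; fi
    mv "$stage" "$dest"
    # A running Snort keeps its loaded rules, so test before restarting it.
    if ! $CHECK_CMD >/dev/null 2>&1; then
        rm -rf "$dest"
        if [ -d "$dest.old" ]; then mv "$dest.old" "$dest"; fi
        echo "rule check failed, rolled back" >&2; return 1
    fi
}

# update_rules: the part cron runs; needs network access and curl.
update_rules() {
    tmp=$(mktemp -d) || return 1
    curl -fsS -o "$tmp/rules.tar.gz" "$RULES_URL" &&
        want_sum=$(curl -fsS "$SUM_URL" | cut -d' ' -f1) &&
        install_rules "$tmp/rules.tar.gz" "$want_sum" "$RULES_DIR"
    rc=$?; rm -rf "$tmp"; return "$rc"
}

if [ "${1:-}" = "--run" ]; then update_rules; fi
```

A digest fetched from the same server as the archive only catches corruption and truncation; pinning the digest or verifying a detached signature from a separately obtained key protects against a tampered download.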