Snort mailing list archives

RE: Adware/Malware Rules List V2


From: "Darden, Patrick S." <darden () armc org>
Date: Fri, 5 Mar 2004 07:57:59 -0500

Krisa,
 
You don't include any details of your setup, so forgive me if I start from
the beginning:
 
1.  make sure your snort machine is sharing a layer 2 fabric with your
concentrator (e.g. external router, internet firewall, border gateway, etc.)
by one of these methods: sensor, mirrored port on your switch, or a hub
(yuck).
 
2.  make sure snort has these rules turned on in snort.conf.  E.g. if you
have these rules in local.rules, uncomment out the local.rules line.
 
3.  try sending out a false positive via telnet or some such.  E.g. start an
http connection to the Flowgo homepage.  Does it give you a warning?
 
If none of these help, send me an email with your full situation so I can
better help you.
 
--Patrick Darden
--Internetworking Manager
--ARMC

-----Original Message-----
From: Rowland, Krisa W ERDC-ITL-MS Contractor
[mailto:Krisa.W.Rowland () erdc usace army mil]
Sent: Thursday, March 04, 2004 3:37 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Adware/Malware Rules List V2



I have applied these rules to my signatures - but haven't seen ANY alerts
and I am positive that I have plenty of users running Gator, etc.  Can you
tell me what I'm doing wrong??

-----Original Message----- 
From: Darden, Patrick S. [ mailto:darden () armc org ]

Sent: Friday, February 27, 2004 11:57 AM 
To: snort-users () lists sourceforge net 
Subject: [Snort-users] Adware/Malware Rules List V2 



Many people have pointed out that I put the wrong link up.  Sorry.  Corrected link:

http://www.armc.org/malware

It's not much, but it is there. 

--Patrick Darden 
--Internetworking Manager 
--ARMC 
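
Step 2 of the reply at the top of this thread (check that the rule file's include line is not commented out in snort.conf) can be automated. The script below is an added example, not part of the original e-mails; it assumes Snort 2.x `var` / `include` syntax, and the sample config and the file name malware.rules are constructed for illustration.

```python
import re

# Constructed sample of a Snort 2.x snort.conf (not from the thread).
SAMPLE_CONF = """\
var RULE_PATH ../rules
include classification.config
include $RULE_PATH/web-misc.rules
# include $RULE_PATH/local.rules
#include $RULE_PATH/malware.rules
"""

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INC_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+\.rules)\s*$")

def rule_includes(conf_text):
    """Return {resolved_rule_path: enabled?} for every 'include ...rules' line."""
    variables, status = {}, {}
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INC_RE.match(line)
        if not m:
            continue
        commented, path = m.group(1) == "#", m.group(2)
        # Expand $VAR references using the var lines seen so far.
        path = re.sub(r"\$(\w+)",
                      lambda v: variables.get(v.group(1), v.group(0)), path)
        # An active include wins over a commented-out duplicate.
        status[path] = status.get(path, False) or not commented
    return status

def disabled_rule_files(conf_text, wanted):
    """Names from 'wanted' that are commented out or absent from the config."""
    status = rule_includes(conf_text)
    active = {p.rsplit("/", 1)[-1] for p, on in status.items() if on}
    return sorted(set(wanted) - active)

if __name__ == "__main__":
    for path, on in rule_includes(SAMPLE_CONF).items():
        print("enabled " if on else "DISABLED", path)
    print("not loaded:",
          disabled_rule_files(SAMPLE_CONF, ["local.rules", "malware.rules"]))
```

After uncommenting the line, `snort -T -c snort.conf` makes Snort parse the configuration and rules and exit, which confirms the file actually loads before step 3 is tried.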

