Snort mailing list archives

Previous By Date Next
Previous By Thread Next

[Fwd: Auto update of sigs (was: Novarg Virus)]

From: bclark () bwkip com
Date: Wed, 28 Jan 2004 16:31:48 -0500 (EST)
This message was sent to me alone but was meant for the sigs list also
forwarding to the users list as it may be more revelant to that list.

Brian


---------------------------- Original Message ----------------------------
Subject: Auto update of sigs (was: Novarg Virus)
From:    "Bryan Irvine" <bryan.irvine () kingcountyjournal com>
Date:    Wed, January 28, 2004 2:37 pm
To:      bclark () bwkip com
--------------------------------------------------------------------------

This thread got me wondering about a script that polls the snort site
occasionally and downloads the latest rules.  Does anyone have something
like this running?  What would be the recommended process for this?

--Bryan

On Tue, 2004-01-27 at 15:25, bclark () bwkip com wrote:

I was trying to add the rule that was given for the DOS part. when I

restart snort I get Jan 27 17:27:35 laptop snort: FATAL ERROR:

../rules/dos.rules(26) => ParsePattern Got Null enclosed in quotation

marks (")!


Not sure what to change since this is the first rule I am adding myself.

Brian

alert tcp any any -> any 80 (msg:"W32_Novarg_SCO_DOS"; content:"GET /

HTTP/1.1|0d0a|Host: www.sco.com|0d0a0d0a|"; offset:0; dsize:37;)



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.

http://www.eclipsecon.org/osdn

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs





-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: