Snort mailing list archives
Re: RE: [Snort-sigs] Any new rules coming out ofsnort.org?
From: Matthew Watchinski <mwatchinski () sourcefire com>
Date: Thu, 31 Mar 2005 15:40:33 -0500
Just thought I should jump in here and clarify a couple things.

On March 28th, a VRT Certified Ruleset was released to subscribers that contained new rules for vulnerabilities in MySQL, ARCserver, and Oracle.

3528 - MySQL CREATE Function attempt
3526 - Oracle XDB FTP Unlock overflow
3530 - ArcServe backup UDP msg 0x99 overflow

We also included a new FTP Bounce rule that utilizes new detection capabilities that are in the 2.4 Branch of Snort. Additionally there were a number of updates made to previously released rules to improve their accuracy. For a complete list of changes see the changelog at http://www.snort.org/rules/docs/ruleset_changelogs/v23/changes-2005-03-28.html.

As a side note, this ruleset includes the rules used by NSS for their recent Gigabit IDS Test.
Registered users will be able to get this content on 4/2. Additionally an updated Community Rule Pack will be out shortly.
Cheers

Matthew Watchinski
Director, Vulnerability Research Team
Sourcefire, Inc.

Arseneault, Thomas (HQP) wrote:
I know all about how subscription vs. registered works, my point was that the previous poster said that there have been two releases since the 16th and there hasn't been, not to the general public anyway. I also use oinkmaster and I frequently see updates to the bleeding set but only once from snort.org for either the vrt or community rule sets, back near the 16th.

I just checked the output of my update (which I have automatically done at 12:30 every morning) and saw no updates for vrt or community but oinkmaster did function properly, it processed the rule sets but just did not find anything had changed (Just to be sure I ran the update script by hand to watch for error messages that might not have made it into the logs and it worked flawlessly, downloaded all the files, unpacked them and checked for changes, found none and exited).

Tom

-----Original Message-----
From: Briggs, Bruce [mailto:Bruce.Briggs () suny edu]
Sent: Thursday, March 31, 2005 7:12 AM
To: Arseneault, Thomas (HQP)
Cc: snort-users
Subject: RE: [Snort-users] RE: [Snort-sigs] Any new rules coming out ofsnort.org?

Have you registered on the Snort site? If not, then you won't get updates until the next Snort release.

http://www.snort.org/rules/

Subscribers receive real-time rules updates as they are available - Learn more about subscription highlights here
Registered users can access rule updates 5 days after release to subscription users.
Unregistered users receive a static ruleset at the time of each major Snort Release

I am registered, and I see some updated rules files from my Oinkmaster update done yesterday.

Bruce

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Arseneault, Thomas (HQP)
Sent: Wednesday, March 30, 2005 6:23 PM
To: Ron Jenkins; Matt Kettler
Cc: snort-users
Subject: RE: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?

I just downloaded the latest ruleset from http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkmaster code>/snortrules-snapshot-2.3.tar.gz and I found that all the included files were dated 3/16, none were any later. I did see an email from the 28th about a "VRT Certified Rules Update" but nothing so far.

Tom Arseneault
Security Engineer
Robert Half International

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ron Jenkins
Sent: Wednesday, March 30, 2005 1:43 PM
To: Matt Kettler
Cc: snort-users
Subject: [Snort-users] RE: [Snort-sigs] Any new rules coming out of snort.org?

There has been two set of rules since then for registered and subscribers users.

-----Original Message-----
From: snort-sigs-admin () lists sourceforge net [mailto:snort-sigs-admin () lists sourceforge net] On Behalf Of Matt Kettler
Sent: Wednesday, March 30, 2005 3:45 PM
To: Tom Currie, Consultant
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] Any new rules coming out of snort.org?

Tom Currie, Consultant wrote:

I see that I have new rules all the time from bleeding-snort, but I have not had any new rules from snort.org since March 16th. (based on oinkmaster). I am still getting downloads of the tgz sig file, but it's frozen in time. Is it deprecated and I should just move on, or what?

See the website: http://www.snort.org/rules/

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: RE: [Snort-sigs] Any new rules coming out ofsnort.org? Arseneault, Thomas (HQP) (Mar 31)
- Re: RE: [Snort-sigs] Any new rules coming out ofsnort.org? Matthew Watchinski (Mar 31)