Snort mailing list archives

RE: help with interpreting log


From: "tony cowling" <tonycowling () sympatico ca>
Date: Thu, 17 Feb 2005 19:53:29 -0500

I am away from my snort machine at the moment so am now trying to remember where
I got the bleeding rules...
Looks like there are a few places to get them from?
Which do you use and how often are these updated?
I have to say I was quite surprised to see the virus rules in the basic rule
set just scanning for file extensions.

-----Original Message-----
From: Bob Konigsberg [mailto:bobkberg () networkeval com] 
Sent: Thursday, February 17, 2005 7:37 PM
To: 'tony cowling'
Subject: RE: [Snort-users] help with interpreting log

Yes.  In fact, that's what I do for my spyware stuff (under malware rules)

Bob 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of tony cowling
Sent: Thursday, February 17, 2005 4:38 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] help with interpreting log

Yes, the virus bleeding edge rules anyway. Are the malware rules one and the
same or are they separate?
I have just realized that I can limit the logging to just the alerts rather
than so much other interesting traffic appearing in a folder for each ip
address. Is that right?

-----Original Message-----
From: Bob Konigsberg [mailto:bobkberg () networkeval com]
Sent: Thursday, February 17, 2005 7:22 PM
To: 'tony cowling'
Subject: RE: [Snort-users] help with interpreting log

Ok - are you also using the bleeding edge snort malware and virus rules?

Bob 

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of tony cowling
Sent: Thursday, February 17, 2005 4:06 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] help with interpreting log



Thanks Bob.
I actually posted the same question in a couple of different ways.
I gave a little more detail the second time.
I am new to the 'email list' thing so am not sure on the process honestly. 

Anyway, your reply is much appreciated.
I will be watching this list with much interest.
I am actually after trying to use snort as a quick check point for virus,
worm type traffic across a small buss network. Over and above regular client
based virus software.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid reviews
on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






