Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update

["Will Metcalf" <william.metcalf () gmail com>]

Don't you work for a company that sells a commercial "closed" snort
ruleset???? hmmm weird..... Pot and Kettle much?

Regards,

Will

On Jan 8, 2008 2:15 PM, rmkml <rmkml () free fr> wrote:
> Hi,
> It is time to Sourcefire switch to Closed Snort rules ?
> after nessus project, It is turn SF ...
> You have missing *bsd os ...
> Regards
> Rmkml
>
>
> On Tue, 8 Jan 2008, research () sourcefire com wrote:
>
> > Date: Tue, 8 Jan 2008 18:26:27 -0500
> > From: research () sourcefire com
> > To: snort-sigs () lists sourceforge net
> > Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Sourcefire VRT Certified Snort Rules Update
> >
> > Synopsis:
> > The Sourcefire VRT is aware of vulnerabilities affecting hosts using the Microsoft Windows operating system.
> >
> > Details:
> > Microsoft Security Bulletin (MS08-001):
> > The Microsoft Windows operating system contains a programming error that may allow a remote attacker to execute 
> > code on an affected system.
> > It should be noted however, that the likelihood of this issue being actively exploited is minimal.
> >
> > Shared object rules to detect attacks targeting this vulnerability are included in this release and are identified 
> > with GID 3 and SIDs 13287 and 13288.
> >
> > For a complete list of new and modified rules please see:
> >
> > http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2008-01-08.html
> >
> >
> > IMPORTANT INFORMATION:
> > The structure of the "so_rules" directory inside the rule packages has changed.  The following is a break out of 
> > the new directory structure:
>                         __________
> > so_rules/
> >    src/
> >    precompiled/
> >           <distro>/
> >               <platform>/
> >                     <snort-version>
> >
> > Where:
> > <distro> is one of the following values:
> >    a. CentOS-4.6
> >    b. CentOS-5.1
> >    c. FC-5
> >    d. OSX-10.4
> >    e. ubuntu-6.01.1
> >
> > <platform> is one of the following values:
> >    a. i386
> >
> > <snort-version> is one of the following values
> >    a. 2.6.1.5
> >    b. 2.7.0
> >    c. 2.8.0.1
> >
> > There have been no changes to the src/ directory layout from previous packages.
> >
> > The reason for this change is two fold.  The first reason for this is to better serve the snort community by 
> > pre-compiling the "SO" rules so they are easier to use on the various platforms utilized by the snort community and 
> > the VRT subscribers. Additionally due to contract terms with some 3rd party research organizations a small number 
> > of VRT certified rules will now only be delivered as binaries. This change is limited to shared object rules. 
> > Non-SO rules will not be affected.
>                                                                                                                 
> _____________
> > If your platform / distro is not currently listed above this does not
> > mean these shared objects won't work on your platform.  Numerous Linux
> > distributions share common libc versions and it is possible that one of the above distributions and platforms will 
> > work on your system.  If none of the above combinations work on your platform please send a note to the snort-sigs 
> > mailing list so we can gage the need for additional platforms and distributions to be added to the list of 
> > supported platforms.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.5 (Cygwin)
> >
> > iD8DBQFHg6cRoFlcG+k7cPwRAqzNAKDJwgTm1SAhEl5dQgxPHmFZn98+kQCfQ1/I
> > vidtqcI2S+BCGYH/Nwy0U4w=
> > =sv5r
> > -----END PGP SIGNATURE-----
> >
> >
> > -------------------------------------------------------------------------
> > Check out the new SourceForge.net Marketplace.
> > It's the best place to buy or sell services for
> > just about anything Open Source.
> > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users