Snort mailing list archives
Re: SID 16367
From: Alex Kirk <akirk () sourcefire com>
Date: Mon, 25 Jan 2010 12:56:18 -0500
It's an SO rule, so you're not going to see the rule itself anywhere in the rules download. The .so file will be in so_rules/precompiled/<OS>/<platform>/<Snort Version>/web_client.so, i.e. so_rules/precompiled/Ubuntu-6.01.1/i386/2.8.5.1/web_client.so. A stub rule should be in the so_rules/web_client.rules file.

That said, one thing I've seen happen repeatedly (and done myself) is that someone grabbed the registered user release instead of the subscriber release (it's the lower thing on the page when you hit the download rules button, and it just seems obvious), and the registered release won't have that rule yet (there's a 30-day delay).

On Mon, Jan 25, 2010 at 12:29 PM, Document Retention <document.retention () gmail com> wrote:
> Hello,
>
> I am unable to find the new IE zero day exploit rule within the latest VRT ruleset. The VRT guys said they added it on the 15th.
>
> http://www.snort.org/vrt/advisories/2010/01/15/vrt-rules-2010-01-15.html/
>
> Am I missing something? Where is the rule?
>
> Thanks,
> Doc
--
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
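The file layout described in the reply above, turned into a check you can run against an unpacked rules download. This is an added example, not part of the original thread or of the Snort/VRT tooling. The function name, its return codes, and the assumption that each .so shares the base name of its stub .rules file (as web_client does in the reply) are hypothetical.

```shell
#!/bin/sh
# Added example: locate an SO rule by SID in an unpacked rules tree.
# Layout taken from the reply above:
#   <root>/so_rules/<category>.rules                                  stub rules
#   <root>/so_rules/precompiled/<OS>/<platform>/<Snort Version>/<category>.so
#
# Usage: find_so_rule ROOT SID [SNORT_VERSION]
# Return codes (hypothetical convention for this example):
#   0  stub rule and at least one matching .so found
#   1  no active stub rule for SID (for instance, the release does not have it yet)
#   2  stub found, but no precompiled .so for the requested Snort version
find_so_rule() {
    _root=$1; _sid=$2; _ver=${3:-}
    _found=0

    # Match "sid:<SID>;" on lines that are not commented out.
    _stub=$(grep -lE "^[[:space:]]*[^#[:space:]].*sid:[[:space:]]*${_sid};" \
            "$_root"/so_rules/*.rules 2>/dev/null | head -n 1)
    if [ -z "$_stub" ]; then
        echo "SID $_sid: no active stub rule under $_root/so_rules/"
        return 1
    fi
    echo "stub: $_stub"

    # Assumption: the shared object is named after the stub file's category.
    _category=$(basename "$_stub" .rules)

    # Glob over <OS>/<platform>/<Snort Version>; version defaults to any.
    for _so in "$_root"/so_rules/precompiled/*/*/${_ver:-*}/"$_category".so; do
        [ -f "$_so" ] || continue
        echo "so:   $_so"
        _found=1
    done

    [ "$_found" -eq 1 ] && return 0
    echo "SID $_sid: stub present, but no $_category.so for Snort ${_ver:-(any version)}"
    return 2
}
```

A return code of 1 on a freshly downloaded tree is the case the reply warns about: check which release was downloaded before assuming the rule is missing.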
Current thread:
- SID 16367 Document Retention (Jan 25)
- Re: SID 16367 Alex Kirk (Jan 25)