Snort mailing list archives
Re: Is there an easy way of knowing if your definitions are updated?
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 15 Jan 2011 19:41:24 -0500
On 1/14/2011 18:33, Joel Esler wrote:
> Research @ Sourcefire.com

thanks... i'll forward my previous post to them since it is already written ;)

> --
> Sent from my iPhone
> Skype:eslerjoel
>
> On Jan 14, 2011, at 6:12 PM, waldo kitty <wkitty42 () windstream net> wrote:
>
>> first off, my apologies if the threading is broken with this post... i think i may have replied to it incorrectly but here's the information i have at hand anyway ;)
>>
>> On 1/14/2011 11:23, Joel Esler wrote:
>>> Waldo,
>>>
>>> If you run into these, please let VRT know.
>>
>> do you have an address for them, joel? i believe i've written to them before but i can't recall right now and i don't have anything showing up for sourcefire or vrt in my address books...
>>
>>> But that stuff should be fixed now.
>>
>> i understand... however...
>>
>> botnet-cnc.rules          24132  Dec 19, 04:45
>> exploit.rules            137056  Jan  9, 04:44
>> oracle.rules             206877  Dec  5, 04:45
>> policy.rules              38877  Jan  9, 04:44
>> rpc.rules                 90160  Nov 28, 04:45
>> scada.rules               20872  Nov 28, 04:45
>> specific-threats.rules   267674  Jan  9, 04:44
>> telnet.rules               8381  Nov 28, 04:45
>> voip.rules                26609  Nov 28, 04:45
>> web-activex.rules       1953263  Jan  2, 04:43
>> web-misc.rules           178075  Dec 26, 04:45
>>
>> all of the above have rules lines (some are disabled) above the header boilerplate and one of them, web-activex.rules, doesn't have any boilerplate in it at all...
>>
>> FWIW: the time/date stamps on the above are likely not accurate as my system does modify some of the files via oinkmaster when the rules sets are downloaded and merged together...
>>
>> hope this helps ;)
>>
>>> J
>>>
>>> On Jan 14, 2011, at 10:46 AM, waldo kitty wrote:
>>>
>>>> On 1/13/2011 22:29, ccie 6862 wrote:
>>>>> I've looked at the various rule files, and some have a date stamp, while others don't. Even though the rpc.rules file is updated (AFAIK), the version shows the following:
>>>>>
>>>>> # $Id: rpc.rules,v 1.107.2.11 2010/10/26 16:30:34 vrtbuild Exp $
>>>>>
>>>>> This is the same for the various rule files where the date stamp is several months out. We get the email every night, but there is always a question in the back of our minds if things are current. What are other people doing?
>>>>
>>>> make sure that you are looking all the way thru the files... some of them got farkled a few months back and the new data (rules lines) are/were being tacked on to the head of the file instead of the tail below the header... there are a few that are still messed up IIRC from the last time i went wading...
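A check for the two symptoms discussed in this thread, a months-old "$Id:" date and rule lines tacked on above the header (or no header at all), as an added example that is not part of any message in the thread. It assumes the VRT header convention quoted above ("# $Id: <file>,v <rev> YYYY/MM/DD hh:mm:ss vrtbuild Exp $") and is meant to be run against a rules directory after oinkmaster has merged the download:

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each VRT .rules file carries a
# header comment "# $Id: <file>,v <rev> YYYY/MM/DD hh:mm:ss vrtbuild Exp $".
#
# rules_header_check FILE
#   Prints one line: FILE ID_DATE RULES_BEFORE_HEADER RULES_TOTAL STATUS
#   STATUS is "ok", "rules-before-header" (rules added above the header, the
#   breakage described in the thread) or "no-header" (no $Id line at all).
rules_header_check() {
    awk '
        # A rule line: optional "#" (disabled rule), then a Snort action keyword.
        /^#? *(alert|log|pass|drop|reject|sdrop|activate|dynamic)[ \t]/ {
            total++
            if (!seen_id) before++
        }
        # The $Id header; pull out the YYYY/MM/DD on which VRT built the file.
        /\$Id:/ && !seen_id {
            seen_id = 1
            if (match($0, /[0-9][0-9][0-9][0-9]\/[0-9][0-9]\/[0-9][0-9]/))
                iddate = substr($0, RSTART, RLENGTH)
            else
                iddate = "unparsed"
        }
        END {
            status = (!seen_id) ? "no-header" : ((before > 0) ? "rules-before-header" : "ok")
            printf "%s %s %d %d %s\n", FILENAME, (seen_id ? iddate : "none"),
                   before + 0, total + 0, status
        }
    ' "$1"
}

# rules_dir_check DIR
#   Runs the check over every .rules file in DIR, so the $Id dates can be
#   compared against the (oinkmaster-modified) mtimes shown by ls.
rules_dir_check() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        rules_header_check "$f"
    done
}
```

Files reported as "rules-before-header" or "no-header" are the ones worth opening by hand, since a stale-looking $Id date near the top says nothing about rules appended above it.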