Snort mailing list archives

VRT Rule Update for 08/25/2011: Modifications to the snort.conf file

From: Joel Esler <joel () sourcefire com>
Date: Thu, 25 Aug 2011 17:30:38 -0400

All,

A special note about today's rule release.  Please see the blog post below for full details.

The registered users of Snort have emailed me and told me that they will not be able to access the snort.conf for 2.9.1 
until the 30 day window is open.  This is correct, however, for registered users's convenience you may access the 2.9.1 
snort.conf here:
http://www.snort.org/assets/184/snort.conf

======

http://blog.snort.org/2011/08/vrt-rule-update-for-08252011.html

The following changes have been made to the snort.conf in this release:

Modifications to HTTP_PORTS

portvar HTTP_PORTS 
[80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,8888,8899,9080,9090,9091,9443,9999,11371,55555]


Modifications to Stream5 configuration:

ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 
7907 7001 7145 7510 7802 7777 7779 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 
8899 9080 9090 9091 9443 9999 11371 55555


Modifications to http_inspect

ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 
8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 }


Increase to the Max sessions in the SIP preprocessor

preprocessor sip: max_sessions 40000


Increase to the max_content_len parameter in the SIP preprocessor

max_content_len 2048


Modifications to the file names in the IP Blacklist Preprocessor

preprocessor reputation: \
memcap 500, \
priority whitelist, \
nested_ip inner, \
whitelist $WHITE_LIST_PATH/white_list.rules, \
blacklist $BLACK_LIST_PATH/black_list.rules 

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, botnet-cnc, dos, exploit, netbios, rpc, 
specific-threats, spyware-put and web-misc rule sets to provide coverage for emerging threats from these technologies.


------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management 
Up to 160% more powerful than alternatives and 25% more efficient. 
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Eoin Miller (Aug 26)
  - Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
    - Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Greg Lane (Aug 26)
    - Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)