Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Sourcefire VRT Certified Snort Rules Update 2011-12-01

From: Research <research () sourcefire com>
Date: Thu, 1 Dec 2011 13:42:49 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
attack-responses, backdoor, bad-traffic, botnet-cnc, deleted, dos,
exploit, file-identify, netbios, oracle, rservices, scada, smtp,
specific-threats, spyware-put, web-activex, web-client and web-php rule
sets to provide coverage for emerging threats from these technologies.

The Sourcefire VRT has added and modified multiple rules in the
attack-responses, backdoor, bad-traffic, botnet-cnc, deleted, dos,
exploit, file-identify, netbios, oracle, rservices, scada, smtp,
specific-threats, spyware-put, web-activex, web-client and web-php rule
sets to provide coverage for emerging threats from these technologies.

Note:
The fileidentify flowbit group has been removed. This could lead to your
local rules no longer working. You must modify local rules using this
flowbit group before you can use them in policies.

For example, if you have a rule that uses the fileidentify flowbit group
with the following set of options:

  flowbits:set,http.mpeg,fileidentify;

You must remove the fileidentify group name for the rule to continue
working. The modified rule would then contain the following:

  flowbits:set,http.mpeg;

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2011-12-01.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFO18qpaBoqZBVJfwMRAgSWAJ9iN4wPH+y+nANXkJwVvyRd5M02HQCgnz4P
cg8dU17r83woOB/MC3V3BVo=
=AcRR
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: