Snort mailing list archives
Re: False positives/Oink Code/Oinkmaster vs Pulled Pork?
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 6 Sep 2012 12:53:31 -0400
On Sep 6, 2012, at 12:35 PM, PR <oly562 () gmail com> wrote:
Hello, I installed acidbase, snort-mysql, today. it's up and running, however I still get this activity. #23-(1-2) [snort]COMMUNITY SIP TCP/IP message flooding directed to SIP proxy 2012-09-06 08:37:33 91.189.91.13:80 192.168.1.15:49977 TCP sorry about the formating, cut/paste.
These are the community rules, they come built into debian OSes, and are poor and not updated. Please use the VRT ruleset found on www.snort.org, and remove the community rules.
i was advised to mv from 2800 to 2900.
2900 is even end of lifed, current version is 2.9.3.1.
So i did yet still i get this "message flooding alert. it's annoying, how to go about tuning and turning off this alert. ALSO, i would like the rules to be updated, and i do have oink code, but it's listed oddly on snort.org. I don't know which one to use, nor how to use pulled pork, or oinkmaster so forth. What is the best link for this info, and what are the simple steps i need to take to get rules updating with oink code: (removed the last few digits for security purposes Oinkcode * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx * 3b0c3089435a4ca349130adeae083ef3c1a5xxxx Which Code works for sure? the first or last? I do not remember which is newest. the first 3 are the same by the way.
They should both work, they are tied to your name. As for the documentation for pulledpork, please feel free to ask questions here, but it's pretty self documented in the pulledpork.conf file. It's very simple. We no longer recommend oinkmaster. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- False positives/Oink Code/Oinkmaster vs Pulled Pork? PR (Sep 06)
- Re: False positives/Oink Code/Oinkmaster vs Pulled Pork? Joel Esler (Sep 06)