Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/16/2012

[Joel Esler <jesler () sourcefire com>]

http://blog.snort.org/2012/10/sourcefire-vrt-certified-snort-rules_16.html

Sourcefire VRT Certified Snort Rules Update for 10/16/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 10/16/2012 

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 29 new 
rules and made modifications to 620 additional rules. 

The following changes were made to the snort.conf in this release:
The following line was updated from:
config event_queue: max_queue 8 log 3 order_events content_length
to
config event_queue: max_queue 8 log 5 order_events content_length

The following ports were added to http_inspect, the HTTP_PORTS variable, and stream5:
383
8300
50002 

The example snort.confs that the VRT recommends that you use can be found here:
http://www.snort.org/vrt/snort-conf-configurations/

In VRT's rule release: 
Synopsis: This release adds and modifies rules in several categories. 
Details: The Sourcefire VRT has added and modified multiple rules in the app-detect, browser-firefox, ddos, exploit, 
exploit-kit, indicator-compromise, malware-backdoor, malware-cnc, malware-other, misc, netbios and web-iis rule sets to 
provide coverage for emerging threats from these technologies.

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!