Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 08/29/2013

[Joel Esler <jesler () sourcefire com>]

We had ports occasionally when we write a rule that requires it.  If we need to do HTTP reassembly on a nonstandard 
port, will add one. 

--
Joel Esler

> On Aug 29, 2013, at 7:34 PM, "Jefferson, Shawn" <Shawn.Jefferson () bcferries com> wrote:
>
> Thanks Joel. Does the VRT team ever explain why they've added these ports to those configs?  I don't see that 
> anywhere in the blog post.
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler () sourcefire com] 
> Sent: Thursday, August 29, 2013 4:27 PM
> To: snort-users; Snort-sigs list
> Subject: [Snort-users] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 08/29/2013
>
> I don't always send these out to the mailing lists, as they are already sent out in another form, but since we had 
> some snort.conf updates in this release, I thought I'd make double sure!
>
> http://blog.snort.org/2013/08/sourcefire-vrt-certified-snort-rules_29.html
>
> Just released:
> Sourcefire VRT Certified Snort Rules Update for 08/29/2013
>
> We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 45 new 
> rules and made modifications to 37 additional rules. 
>
> There were changes made to the snort.conf in this release:
> The following ports were added to HTTP_PORTS, http_inspect, and stream5 (ports both)
> 36
> 818
> 801
> 972
> 4000
>
> The example Snort.conf's have been updated here:
> http://www.snort.org/vrt/snort-conf-configurations/
>
> The VRT would like to thank the following individuals for their contributions, their rules are included in the 
> Community Ruleset:
>
> James Lay:
> 27726
> 27727
> 27728
>
> In VRT's rule release: 
> The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, deleted, 
> exploit-kit, file-flash, file-java, file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, 
> os-mobile, protocol-dns, pua-adware, server-apache, server-mail, server-other and sql rule sets to provide coverage 
> for emerging threats from these technologies.
>
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an 
> incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!