Snort mailing list archives

Re: pulled pork updates


From: JJC <cummingsj () gmail com>
Date: Tue, 15 Oct 2013 10:02:15 -0600

I am able to reproduce this, will review further...


On Tue, Oct 15, 2013 at 9:08 AM, Johnny Venter <johnny.venter () zoho com> wrote:

Hi,

I have an issue or need clarification on pulledpork. I see the following
in my sid_changes.log:

*-=Begin Changes Logged for Tue Oct 15 14:55:30 2013 GMT=-*
*
*
*New Rules*
*        BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code
execution attempt (1:SID:181)*
*
*
*Deleted Rules*
*        BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code
execution attempt (1:25343)*
*
*
*Set Policy: Disabled*
*
*
*Rule Totals*
*        New:-------1*
*        Deleted:---1*
*        Enabled:---4543*
*        Dropped:---0*
*        Disabled:--13325*
*        Total:-----17868*
*
*
*-=End Changes Logged for Tue Oct 15 14:55:30 2013 GMT=-*
*
*
My question is that I've seen this exact data since October 3, is that
normal? When I started using PP, I deleted/archived all of my existing
snort rules files except local.rules. Once I did this, PP put all of the
rules in one file and I referenced this file in my snort.conf.  Was this
correct or was I supposed to keep the default rules files from snort?

Thanks.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
