Snort mailing list archives
Re: Fwd: pulled pork updates
From: Johnny Venter <johnny.venter () zoho com>
Date: Wed, 23 Oct 2013 09:30:26 -0400
This might have been a typ-o. I clicked on the subscriber change log. I'm a registered user. I checked the registered user rules and the latest modification date is: 9-18-2013 @ 4:38PM. I'm now cross referencing this with my snort.rules. Thanks. On Oct 23, 2013, at 9:22 AM, Johnny Venter <johnny.venter () zoho com> wrote:
Hey guys, This is a follow up from my earlier question: Something just doesn't feel right about the rules. For example, I checked: http://www.snort.org/vrt/docs/ruleset_changelogs/2946/changes-2013-10-22.html and noticed that the first line 1:28255 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules) I then check my snort.rules file and do not find this rule anywhere in that file. I've done a visual spot check and also used: cat snort.rules | grep -i "MALWARE-CNC Win.Trojan.Kuluoz" I did the same with "FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt" Is this rule supposed to be in my snort.rules? If so, what could be the cause of it not updating? Thanks, any help is appreciated. Begin forwarded message:From: Johnny Venter <johnny.venter () zoho com> Subject: pulled pork updates Date: October 15, 2013 11:08:36 AM EDT To: snort-users <snort-users () lists sourceforge net> Hi, I have an issue or need clarification on pulledpork. I see the following in my sid_changes.log: -=Begin Changes Logged for Tue Oct 15 14:55:30 2013 GMT=- New Rules BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:SID:181) Deleted Rules BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:25343) Set Policy: Disabled Rule Totals New:-------1 Deleted:---1 Enabled:---4543 Dropped:---0 Disabled:--13325 Total:-----17868 -=End Changes Logged for Tue Oct 15 14:55:30 2013 GMT=- My question is that I've seen this exact data since October 3, is that normal? When I started using PP, I deleted/archived all of my existing snort rules files except local.rules. Once I did this, PP put all of the rules in one file and I referenced this file in my snort.conf. Was this correct or was I supposed to keep the default rules files from snort? Thanks.------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- pulled pork updates Johnny Venter (Oct 15)
- Re: pulled pork updates Joel Esler (Oct 15)
- Re: pulled pork updates JJC (Oct 15)
- Fwd: pulled pork updates Johnny Venter (Oct 23)
- Re: Fwd: pulled pork updates Johnny Venter (Oct 23)
- Re: Fwd: pulled pork updates Peter Bates (Oct 23)
- Re: Fwd: pulled pork updates Johnny Venter (Oct 23)