Snort mailing list archives

Re: Fwd: pulled pork updates

From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 23 Oct 2013 15:15:50 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

<snip>
On 23/10/2013 14:30, Johnny Venter wrote:

New Rules
        BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:SID:181)

Deleted Rules
        BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:25343)


Sorry I missed this original post - this problem is fixed by 
moving to Pulledpork 0.7.0 - I had the same issue.

SID 25343 has 'CLSID:181' in it which older PP takes
to be the SID so you end up in this weird cycle of a 
rule that is enabled improperly.

- -- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division         Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSZ9oWAAoJELhVoVpEMS6RMVAH/iqa+8HguUQI8a5GcHq1tPWc
gxZ51uKkr3/oTiZ23dfLiiQ/4P1pGjVnx//HEf4PNY3djjUiKSYIPOZoJroUUf7J
Ff2TtXuf6z+J07uWJmehbmGsrL1YUsVwXQdZ9M1S8gOQu0Y4m2re7Yqujbua85u3
1zQz3XZ474TXDhUCY0m7RPtDKajYJE/iFFjAIQ34UGRn64bIS7ZwtzeoX/t+297N
ayb9hK9UroMchR+ysGfikGzcz6q2lYkNnVEHA8lDd6tsVU3I4D6fmDMDVdxpfMSd
KnCmsVHOeOXXhNEhKq1t0icHRqPPabEFPBg0Ue9MWaXCG87zdX4FNnMbbOviCEU=
=xFOx
-----END PGP SIGNATURE-----


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

pulled pork updates Johnny Venter (Oct 15)
- Re: pulled pork updates Joel Esler (Oct 15)
- Re: pulled pork updates JJC (Oct 15)
- Fwd: pulled pork updates Johnny Venter (Oct 23)
  - Re: Fwd: pulled pork updates Johnny Venter (Oct 23)
    - Re: Fwd: pulled pork updates Peter Bates (Oct 23)