Snort mailing list archives
Re: Fwd: pulled pork updates
From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 23 Oct 2013 15:15:50 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all <snip> On 23/10/2013 14:30, Johnny Venter wrote:
New Rules BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:SID:181) Deleted Rules BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (1:25343)
Sorry I missed this original post - this problem is fixed by moving to Pulledpork 0.7.0 - I had the same issue. SID 25343 has 'CLSID:181' in it which older PP takes to be the SID so you end up in this weird cycle of a rule that is enabled improperly. - -- Peter Bates Senior Information Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSZ9oWAAoJELhVoVpEMS6RMVAH/iqa+8HguUQI8a5GcHq1tPWc gxZ51uKkr3/oTiZ23dfLiiQ/4P1pGjVnx//HEf4PNY3djjUiKSYIPOZoJroUUf7J Ff2TtXuf6z+J07uWJmehbmGsrL1YUsVwXQdZ9M1S8gOQu0Y4m2re7Yqujbua85u3 1zQz3XZ474TXDhUCY0m7RPtDKajYJE/iFFjAIQ34UGRn64bIS7ZwtzeoX/t+297N ayb9hK9UroMchR+ysGfikGzcz6q2lYkNnVEHA8lDd6tsVU3I4D6fmDMDVdxpfMSd KnCmsVHOeOXXhNEhKq1t0icHRqPPabEFPBg0Ue9MWaXCG87zdX4FNnMbbOviCEU= =xFOx -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- pulled pork updates Johnny Venter (Oct 15)
- Re: pulled pork updates Joel Esler (Oct 15)
- Re: pulled pork updates JJC (Oct 15)
- Fwd: pulled pork updates Johnny Venter (Oct 23)
- Re: Fwd: pulled pork updates Johnny Venter (Oct 23)
- Re: Fwd: pulled pork updates Peter Bates (Oct 23)
- Re: Fwd: pulled pork updates Johnny Venter (Oct 23)