Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013

[Anshuman Anil Deshmukh <anshuman () cybage com>]

Hi Joel,



One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the 
snort.confs example page port mentioned is 33300. I believe 33300 is the correct port (used for Magnitude Exploit Kit).





Thanks and Regards,

Anshuman



From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, November 01, 2013 1:40 AM
To: Snort; Snort-sigs
Subject: [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013







http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html


Sourcefire VRT Certified Snort Rules Update for 10/31/2013



We welcome the introduction of the newest rule release for 
today<http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2013-10-31.html> from the VRT. In this release we 
introduced 27 new rules and made modifications to 7 additional rules.

There were three changes made to the snort.conf in this release:

The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections:

51423
44440
33330
15489

The Snort.confs on the example page have been updated:
http://www.snort.org/vrt/snort-conf-configurations/

--
Joel Esler
AEGIS Intelligence Lead
OpenSource Community Manager
Vulnerability Research Team, Sourcefire







"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited 
which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for 
the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this 
message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply 
e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the 
risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious 
content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or 
attachment." 
www.cybage.com

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!