Snort mailing list archives
Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 2 Nov 2013 18:42:34 -0400
Thank you for pointing it my mistake. The snort.conf is correct. The blog post was wrong. -- Joel Esler
On Nov 2, 2013, at 13:28, Anshuman Anil Deshmukh <anshuman () cybage com> wrote: Hi Joel, One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the snort.confs example page port mentioned is 33300. I believe 33300 is the correct port (used for Magnitude Exploit Kit). Thanks and Regards, Anshuman From: Joel Esler [mailto:jesler () sourcefire com] Sent: Friday, November 01, 2013 1:40 AM To: Snort; Snort-sigs Subject: [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html Sourcefire VRT Certified Snort Rules Update for 10/31/2013 We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 27 new rules and made modifications to 7 additional rules. There were three changes made to the snort.conf in this release: The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections: 51423 44440 33330 15489 The Snort.confs on the example page have been updated: http://www.snort.org/vrt/snort-conf-configurations/ -- Joel Esler AEGIS Intelligence Lead OpenSource Community Manager Vulnerability Research Team, Sourcefire "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com ------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Joel Esler (Oct 31)
- Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Anshuman Anil Deshmukh (Nov 02)
- Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Joel Esler (Nov 02)
- Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013 Anshuman Anil Deshmukh (Nov 02)