Re: Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013

[Joel Esler <jesler () sourcefire com>]

Thank you for pointing it my mistake. The snort.conf is correct.  The blog post was wrong.  

--
Joel Esler

> On Nov 2, 2013, at 13:28, Anshuman Anil Deshmukh <anshuman () cybage com> wrote:
>
> Hi Joel,
>  
> One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the 
> snort.confs example page port mentioned is 33300. I believe 33300 is the correct port (used for Magnitude Exploit 
> Kit).
>  
>  
> Thanks and Regards,
> Anshuman
>  
> From: Joel Esler [mailto:jesler () sourcefire com] 
> Sent: Friday, November 01, 2013 1:40 AM
> To: Snort; Snort-sigs
> Subject: [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013
>  
>
>
> http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html
>
> Sourcefire VRT Certified Snort Rules Update for 10/31/2013
>
>
> We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 27 new 
> rules and made modifications to 7 additional rules. 
>
> There were three changes made to the snort.conf in this release:
>
> The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections: 
>
> 51423
> 44440
> 33330
> 15489
>
> The Snort.confs on the example page have been updated:
> http://www.snort.org/vrt/snort-conf-configurations/
>
> --
> Joel Esler
> AEGIS Intelligence Lead
> OpenSource Community Manager
> Vulnerability Research Team, Sourcefire
>
>
>
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited 
> which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for 
> the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of 
> this message is strictly prohibited. If you have received this electronic message in error please notify the sender 
> by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to 
> minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of 
> any malicious content in this e-mail. You should carry out your own malicious content checks before opening the 
> e-mail or attachment." www.cybage.com
>
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!