Snort mailing list archives

Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Thu, 25 Sep 2014 20:57:10 +0000

Because “Shellshock” is a creative name for it…  That’s not what the rules are called.

Do a 

grep "Bash CGI environment variable injection attempt" community.rules

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Sep 25, 2014, at 4:24 PM, Teo En Ming <singapore.mr.teo.en.ming () gmail com> wrote:

Hi,

I have downloaded and installed the latest community rules from the 
official snort website.

But I cannot find any shellshock bug detection rules in the latest 
community rules.

1) grep shock community.rules
Results: Not found

2) grep shell community.rules
Results: Too many shellcode results returned

3) grep sheel community.rules
Results: Not found. sheelshock is actually a mis-spelling for shellshock

Can anybody help me to find the shellshock bug detection rules in the 
latest community rules?

Thank you very much.

-- 
Yours sincerely,

Teo En Ming
Singapore


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
