Snort mailing list archives
Re: snort_ddos.rules and snort_dos.rules
From: Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 19 Jan 2024 14:53:59 -0500
Not sure that’s something you could detect with a network product?
On Jan 18, 2024, at 17:57, Jonathan Lee <jonathanlee571 () gmail com> wrote:

What we really need is a way to detect invasive containers and BSDjails and have them part of appID. Some containers are sitting and data marshaling the Network cards. I saw one a year ago that when I got access to the container and could see it the thing self deleted.

From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Sent: Thursday, January 18, 2024 14:34
To: Patrick Ambühl <patrick.ambuhl () applic8 com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] snort_ddos.rules and snort_dos.rules

Yes. In fact, I depreciated them when I was still at Sourcefire (before we were purchased by Cisco!). There hasn't been anything in those categories for years. If you want DDOS/DOS rules, you need to look at the classification in the rules for denial-of-service.

Rule Category Reorganization <https://blog.snort.org/2012/03/rule-category-reorganization.html>
Rule Category Reorganization Phase 2 <https://blog.snort.org/2012/08/rule-category-reorganization-phase-2.html>

On Jan 17, 2024, at 06:40, Patrick Ambühl via Snort-sigs <snort-sigs () lists snort org> wrote:

Are these two rules deprecated? I see them as options in Snort/PFSense but when enabled no rules are displayed (active or disabled). I also checked the snortrules-snapshot-31470.tar.gz and could not find these rules either.

Thank you
Patrick

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats <https://snort.org/downloads/#rule-downloads>!
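The advice in the thread, to find DoS/DDoS coverage by the rules' classification instead of the retired category files, can be applied as a filter over rule text. The following is an added example and not part of the original thread: the sample rules are constructed, one rule per line is assumed, and the three classtype names are the denial-of-service entries in Snort's stock classification.config.

```python
import re
import sys

# Classtypes that Snort's stock classification.config uses for denial of service.
DOS_CLASSTYPES = {"attempted-dos", "successful-dos", "denial-of-service"}

# One rule per line (assumption); a leading '#' marks a rule shipped disabled.
RULE_RE = re.compile(r"^(?P<off>#\s*)?(?:alert|drop|block|reject|log|pass)\s+(?P<body>.+)$")
QUOTED_RE = re.compile(r'"(?:[^"\\]|\\.)*"')

# Constructed sample rules, not taken from any real ruleset.
SAMPLE_RULES = r'''
# Constructed sample rules for the example below.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed slow request flood"; flow:to_server,established; classtype:attempted-dos; sid:1000001; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed amplification probe"; classtype:denial-of-service; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"text mentioning classtype:attempted-dos; only"; classtype:misc-activity; sid:1000003; rev:1;)
'''

def _opt(name, text):
    """Return the value of a rule option such as classtype or sid, or None."""
    m = re.search(r"\b%s\s*:\s*([^;]+?)\s*;" % name, text)
    return m.group(1) if m else None

def dos_rules(rules_text):
    """Return DoS-classified rules as dicts: sid, enabled, classtype, msg."""
    found = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or ordinary comment
        body = m["body"]
        # Blank out quoted strings so option names inside msg/content are ignored.
        bare = QUOTED_RE.sub('""', body)
        classtype = _opt("classtype", bare)
        if classtype in DOS_CLASSTYPES:
            msg = re.search(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"', body)
            found.append({"sid": int(_opt("sid", bare) or 0),
                          "enabled": m["off"] is None,
                          "classtype": classtype,
                          "msg": msg.group(1) if msg else ""})
    return found

if __name__ == "__main__":
    # With a path argument, scan that rules file; otherwise use the sample.
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_RULES)
    for r in dos_rules(text):
        state = "enabled" if r["enabled"] else "disabled"
        print(r["sid"], state, r["classtype"], r["msg"])
```

Rules that ship commented out are reported as disabled, so the output also shows which DoS-classified rules would need to be switched on before they alert.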