Snort mailing list archives

Re: snort_ddos.rules and snort_dos.rules


From: Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 19 Jan 2024 14:53:59 -0500

Not sure that’s something you could detect with a network product?

On Jan 18, 2024, at 17:57, Jonathan Lee <jonathanlee571 () gmail com> wrote:

What we really need is a way to detect invasive containers and BSD jails and have them part of appID. Some containers 
are sitting and data marshaling the Network cards. I saw one a year ago that when I got access to the container and 
could see it, the thing self-deleted.

From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Joel Esler via Snort-sigs <snort-sigs () lists 
snort org>
Sent: Thursday, January 18, 2024 14:34
To: Patrick Ambühl <patrick.ambuhl () applic8 com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] snort_ddos.rules and snort_dos.rules
 
Yes.  In fact, I deprecated them when I was still at Sourcefire (before we were purchased by Cisco!).  There hasn't 
been anything in those categories for years.  If you want DDOS/DOS rules, you need to look at the classification in 
the rules for denial-of-service.


Rule Category Reorganization <https://blog.snort.org/2012/03/rule-category-reorganization.html>
Rule Category Reorganization Phase 2 <https://blog.snort.org/2012/08/rule-category-reorganization-phase-2.html>


On Jan 17, 2024, at 06:40, Patrick Ambühl via Snort-sigs <snort-sigs () lists snort org> wrote:


Are these two rules deprecated? I see them as options in Snort/PFSense but when enabled no rules are displayed 
(active or disabled). I also checked the snortrules-snapshot-31470.tar.gz and could not find these rules either.


Thank you

Patrick
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats <https://snort.org/downloads/#rule-downloads>!
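
Selecting DoS rules by their classtype option instead of by category file, as the reply above suggests. This is an added example, not part of the original thread or of the Snort project's code; the sample rules and sids are constructed, and the classtype names are the denial-of-service entries in Snort's stock classification.config.

```python
import re

# Denial-of-service classtypes from Snort's stock classification.config.
DOS_CLASSTYPES = {"attempted-dos", "successful-dos", "denial-of-service"}

# A rule line, optionally commented out (disabled): header, then "(options)".
RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?:alert|drop|block|log|pass|reject|sdrop)\s[^(]*"
    r"\((?P<opts>.*)\)\s*$")
# One "name:value;" or bare "name;" option; quoted values may contain ';'.
OPT_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:[^"\\]|\\.)*"|[^;"])*))?;')

def parse_options(opts):
    """Map option name -> value (last one wins), with quotes stripped."""
    return {k: v.strip().strip('"') for k, v in OPT_RE.findall(opts)}

def dos_rules(rules_text):
    """Return (sid, enabled, classtype, msg) for each DoS-classified rule."""
    found = []
    # Join backslash-continued lines before matching.
    for line in rules_text.replace("\\\n", " ").splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        opts = parse_options(m.group("opts"))
        if opts.get("classtype") in DOS_CLASSTYPES and "sid" in opts:
            found.append((int(opts["sid"]), m.group("off") is None,
                          opts["classtype"], opts.get("msg", "")))
    return found

# Constructed sample rules (not from any ruleset); sids are in the local range.
SAMPLE = r'''
alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXAMPLE flood; part one"; content:"constructed"; classtype:attempted-dos; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE slow request"; flow:to_server,established; \
    classtype:denial-of-service; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE classtype:attempted-dos in msg"; classtype:attempted-admin; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    for sid, enabled, classtype, msg in dos_rules(SAMPLE):
        print(sid, "enabled" if enabled else "disabled", classtype, msg)
```

The third sample rule mentions a DoS classtype only inside its msg string, which a plain text search would count but the option parser does not.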

