Snort mailing list archives

Re: snort_ddos.rules and snort_dos.rules


From: Jonathan Lee via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 18 Jan 2024 22:57:27 +0000

What we really need is a way to detect invasive containers and BSD jails and have them be part of appID. Some containers 
are sitting and data marshaling the network cards. I saw one a year ago that, when I got access to the container and 
could see it, the thing self-deleted.
________________________________
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Joel Esler via Snort-sigs <snort-sigs () lists 
snort org>
Sent: Thursday, January 18, 2024 14:34
To: Patrick Ambühl <patrick.ambuhl () applic8 com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>
Subject: Re: [Snort-sigs] snort_ddos.rules and snort_dos.rules

Yes.  In fact, I deprecated them when I was still at Sourcefire (before we were purchased by Cisco!).  There hasn't 
been anything in those categories for years.  If you want DDOS/DOS rules, you need to look at the classification in the 
rules for denial-of-service.


Rule Category Reorganization <https://blog.snort.org/2012/03/rule-category-reorganization.html>

Rule Category Reorganization Phase 2 <https://blog.snort.org/2012/08/rule-category-reorganization-phase-2.html>


On Jan 17, 2024, at 06:40, Patrick Ambühl via Snort-sigs <snort-sigs () lists snort org> wrote:



Are these two rules deprecated? I see them as options in Snort/pfSense but when enabled no rules are displayed (active 
or disabled). I also checked the snortrules-snapshot-31470.tar.gz and could not find these rules either.



Thank you


Patrick

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!
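
Joel's pointer to the denial-of-service classification, as an added example that is not part of the original thread or of Snort itself: it selects rules by their `classtype` option instead of by rules-file name and reports whether each one ships enabled. The rule text, SIDs and messages are constructed samples, the file names are only labels, and the parser assumes one rule per line.

```python
import re

# One rule per line; a leading '#' marks a rule that ships disabled.
RULE = re.compile(r'^\s*(?P<off>#\s*)?(?:alert|drop|block|log|pass|reject|sdrop)\s'
                  r'.*?\((?P<opts>.*)\)\s*$')

def option(opts, name):
    """Return the value of one rule option (classtype, sid, msg, ...) or None."""
    m = re.search(r'(?:^|;)\s*' + re.escape(name) +
                  r'\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;', opts)
    return m.group(1).strip().strip('"') if m else None

def find_rules(files, classtypes=("denial-of-service",)):
    """Map each rules file to [(sid, enabled, msg)] for rules in the given classtypes."""
    hits = {}
    for fname, text in files.items():
        for line in text.splitlines():
            m = RULE.match(line)
            if not m or option(m.group("opts"), "classtype") not in classtypes:
                continue
            sid = option(m.group("opts"), "sid")
            if sid is None or not sid.isdigit():
                continue  # malformed rule: skip rather than guess
            hits.setdefault(fname, []).append(
                (int(sid), m.group("off") is None, option(m.group("opts"), "msg")))
    return hits

# Constructed sample content, not real Snort rules.
SAMPLE_FILES = {
    "server-other.rules": "\n".join([
        '# Constructed sample content, not real Snort rules',
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE flood (constructed)"; '
        'flow:to_server; classtype:denial-of-service; sid:1000001; rev:1;)',
        '# alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"EXAMPLE disabled rule"; '
        'classtype:denial-of-service; sid:1000002; rev:2;)',
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE other class"; '
        'classtype:attempted-user; sid:1000003; rev:1;)',
    ]),
    "protocol-dns.rules": (
        'alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE malformed query"; '
        'classtype:denial-of-service; sid:1000004; rev:3;)'
    ),
}

if __name__ == "__main__":
    for fname, rules in find_rules(SAMPLE_FILES).items():
        for sid, enabled, msg in rules:
            print(f"{fname}: sid {sid} [{'enabled' if enabled else 'disabled'}] {msg}")
```

To run it over an unpacked snapshot, build the `files` mapping from the `*.rules` files in the rules directory, keyed by file name.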
