List: security-onion
Subject: Re: [security-onion] Sig 2014726 - Outdated Windows Flash Version IE
From: Doug Burks <doug.burks () gmail ! com>
Date: 2013-09-25 18:57:30
Message-ID: CAK8kjrCG0UgJR15e3iEW=35w8uM5-Ees0hWgsDm+F2wGrZPb6g () mail ! gmail ! com
Yes, you should be getting updated rules every day. According to the
Emerging Threats site, you have the latest version of that rule (rev
23):
http://doc.emergingthreats.net/bin/view/Main/2014726
You might want to ask the ET folks to update that rule.
Thanks,
Doug
On Wed, Sep 25, 2013 at 2:55 PM, Matt Vaughan <mcvaughan@gmail.com> wrote:
> Right. My clients are on that now.
>
> How can I check for a newer rule? My assumption was that SO did this daily,
> or do I need to update rules manually?
>
>
>
> On Wed, Sep 25, 2013 at 1:42 PM, Heine Lysemose <lysemose@gmail.com> wrote:
> >
> > Hi Matt
> >
> > According to Adobe's own listing,
> > http://www.adobe.com/software/flash/about/, the latest version is
> > 11.8.800.175 for ActiveX.
> >
> > Have you checked to see if there is a newer revision of the rule?
> >
> > Regards,
> > Lysemose
> >
> > On Sep 25, 2013 8:35 PM, "Matt Vaughan" <mcvaughan@gmail.com> wrote:
> > >
> > > alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY
> > > Outdated Windows Flash Version IE"; flow:established,to_server;
> > > content:"x-flash-version|3a| "; http_header;content:!"11,8,800,168|0d 0a|";
> > > distance:0; within:14; http_header; content:"MSIE "; http_header;
> > > pcre:"/^User-Agent\x3a[^\r\n]+?MSIE/Hm"; threshold: type limit, count 1,
> > > seconds 60, track by_src; reference:url,www.adobe.com/software/flash/about/;
> > > classtype:policy-violation; sid:2014726; rev:23;)
> > >
> > >
> > > On Wednesday, September 25, 2013 12:33:31 PM UTC-5, Heine Lysemose wrote:
> > > > Hi Matt
> > > >
> > > > Could you post the whole rule? I'm not in front of a computer right
> > > > now.
> > > >
> > > > Regards,
> > > >
> > > > Lysemose
> > > >
> > > > On Sep 25, 2013 6:30 PM, "Matt Vaughan" <mcva...@gmail.com> wrote:
> > > >
> > > > I'm trying to determine why this sig is firing. Clients are all up to
> > > > date, however it's a newer version than what's in the Snort rule. Is this
> > > > sig firing because it's not exactly what's stated in the rule?
> > > >
> > > >
> > > >
> > > >
> > > > Thx
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > You received this message because you are subscribed to the Google
> > > > Groups "security-onion" group.
> > > >
> > > > To unsubscribe from this group and stop receiving emails from it, send
> > > > an email to security-onio...@googlegroups.com.
> > > >
> > > > To post to this group, send email to securit...@googlegroups.com.
> > > >
> > > > Visit this group at http://groups.google.com/group/security-onion.
> > > >
> > > > For more options, visit https://groups.google.com/groups/opt_out.
> > >
> >
>
>
--
Doug Burks
http://securityonion.blogspot.com
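
As an added illustration (not part of the thread and not Emerging Threats code): a simplified Python model of the rule quoted above, showing that its negated content match excludes only the exact string 11,8,800,168, so the newer 11,8,800,175 still alerts. The helper names, the sample requests and the older version 11,8,800,94 are constructed assumptions, and the model only approximates Snort's http_header matching.

```python
import re

MARKER = b"x-flash-version: "      # content:"x-flash-version|3a| "; http_header
PINNED = b"11,8,800,168\r\n"       # content:!"11,8,800,168|0d 0a|" (14 bytes)

def rule_2014726_fires(headers: bytes) -> bool:
    """Approximate sid:2014726 rev:23 against a raw HTTP header buffer."""
    pos = headers.find(MARKER)
    if pos < 0:
        return False                       # no Flash version header at all
    start = pos + len(MARKER)
    window = headers[start:start + 14]     # distance:0; within:14
    if PINNED in window:
        return False                       # negated match: only this exact version is quiet
    if b"MSIE " not in headers:            # content:"MSIE "; http_header
        return False
    # pcre:"/^User-Agent\x3a[^\r\n]+?MSIE/Hm"
    return re.search(rb"^User-Agent\x3a[^\r\n]+?MSIE", headers, re.M) is not None

def flash_version(headers: bytes):
    """Parse the header into a comparable tuple, e.g. (11, 8, 800, 175)."""
    m = re.search(rb"^x-flash-version: (\d+),(\d+),(\d+),(\d+)\r?$", headers, re.M)
    return tuple(int(g) for g in m.groups()) if m else None

def is_older_than(headers: bytes, baseline=(11, 8, 800, 168)) -> bool:
    """What an actual 'outdated' test needs: numeric ordering, not string equality."""
    version = flash_version(headers)
    return version is not None and version < baseline

def request(flash: bytes) -> bytes:
    """Constructed sample request headers for an IE client."""
    return (b"Accept: */*\r\n"
            b"x-flash-version: " + flash + b"\r\n"
            b"User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\r\n"
            b"Host: example.test\r\n")

if __name__ == "__main__":
    for flash in (b"11,8,800,94", b"11,8,800,168", b"11,8,800,175"):
        hdrs = request(flash)
        print(flash.decode(), "rule fires:", rule_2014726_fires(hdrs),
              "| really older:", is_older_than(hdrs))
```

Because the rule can only compare against one pinned string, every new Flash release makes up-to-date clients alert until the rule's revision is bumped to the new version.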