[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1
From: PR <oly562 () gmail ! com>
Date: 2012-08-03 0:08:53
Message-ID: 1343952533.22336.5.camel () vulcan
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
non-member? lol.. i been getting emailsfor like 5 yrs. check your db. oh
and if not, update me. thanks. pete
On Thu, 2012-08-02 at 21:20 +0000,
snort-sigs-request@lists.sourceforge.net wrote:
> Send Snort-sigs mailing list submissions to
> snort-sigs@lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> or, via email, send a message with subject or body 'help' to
> snort-sigs-request@lists.sourceforge.net
>
> You can reach the person managing the list at
> snort-sigs-owner@lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-sigs digest..."
>
>
> Today's Topics:
>
> 1. Sourcefire VRT Certified Snort Rules Update 2012-07-19 (Research)
> 2. little help with false positives? (Henri Reinikainen)
> 3. Sourcefire VRT Certified Snort Rules Update 2012-07-24 (Research)
> 4. request enhance old sid 3193 please (rmkml)
> 5. Re: [Emerging-Sigs] request enhance old sid 3193 please
> (Matt Jonkman)
> 6. Sourcefire VRT Certified Snort Rules Update 2012-08-01 (Research)
> 7. Sourcefire VRT Certified Snort Rules Update 2012-08-02 (Research)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 19 Jul 2012 18:11:04 -0400 (EDT)
> From: Research <research@sourcefire.com>
> Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> 2012-07-19
> To: snort-sigs@lists.sourceforge.net
> Message-ID: <20120719221104.5A8546CC013@sourcefire.com>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> The Sourcefire VRT has added and modified multiple rules in the
> backdoor, botnet-cnc, chat, dos, exploit, file-identify, file-office,
> file-other, file-pdf, ftp, policy, smtp, specific-threats, web-client
> and web-php rule sets to provide coverage for emerging threats from
> these technologies.
>
> For a complete list of new and modified rules please see:
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-19.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFQCIOraBoqZBVJfwMRAnHaAJ0T8TPewWjUxlmGv4VOptp6oDj7kgCfTdl8
> JJWyO6jT/+ZsMs4wURs32tU=
> =b4+h
> -----END PGP SIGNATURE-----
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 20 Jul 2012 08:32:03 +0300
> From: Henri Reinikainen <henri@reinikainen.in>
> Subject: [Snort-sigs] little help with false positives?
> To: <snort-sigs@lists.sourceforge.net>
> Message-ID: <f173bae8b9893838cab70332e36ce149@rootservers.in>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hi
>
> Does someone has time to educate me? Because I don't get it.
>
> spamd-setup is running in cron hourly. Fetching spammer ip lists from
> www.openbsd.org via http. Every time this fetch happens there's some
> alerts triggered.
>
> # spamd-setup -d -b
> Getting http://www.openbsd.org/spamd/traplist.gz
> blacklist uatraps 51709 entries
> Getting http://www.openbsd.org/spamd/nixspam.gz
> blacklist nixspam 40000 entries
>
> sensitive_data: sensitive data global threshold exceeded
> sensitive_data: sensitive data - eMail addresses
> http_inspect: HTTP RESPONSE GZIP DECOMPRESSION FAILED
> http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
>
> I've checked connection with telnet and content of those lists. There
> is nothing even remotely like e-mail addresses (well one). Other problem
> with this is, that those list are downloaded to server, not uploaded. If
> I understand correctly this rule should only be working in one
> direction.
> If I download these lists and decompress them by hand, there is no
> decompression errors.
>
> ipvar HOME_NET [xxx.xxx.xxx.xxx/32]
> ipvar EXTERNAL_NET !$HOME_NET
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110]
> (msg:"SENSITIVE- DATA Email Addresses"; metadata:service http,
> service smtp, service ftp-data , service imap, service pop3;
> sd_pattern:20,email; classtype:sdf; sid:5; gid :138; rev:1;)
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 24 Jul 2012 12:34:03 -0400 (EDT)
> From: Research <research@sourcefire.com>
> Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> 2012-07-24
> To: snort-sigs@lists.sourceforge.net
> Message-ID: <20120724163403.4FCF8D4055@sourcefire.com>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> The Sourcefire VRT has added and modified multiple rules in the
> backdoor, bad-traffic, blacklist, botnet-cnc, exploit, file-identify,
> file-office, file-pdf, indicator-compromise, policy, scan, spyware-put,
> web-client and web-php rule sets to provide coverage for emerging
> threats from these technologies.
>
> For a complete list of new and modified rules please see:
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-24.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFQDswIaBoqZBVJfwMRAhOIAJ0eh3t6YNwePdrk/CSPzBSh5NC9dwCeJ4FF
> Tp7+DYJ+0ebxWXGhGD7etlo=
> =e3Z2
> -----END PGP SIGNATURE-----
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 30 Jul 2012 01:31:58 +0200 (CEST)
> From: rmkml <rmkml@yahoo.fr>
> Subject: [Snort-sigs] request enhance old sid 3193 please
> To: Snort-sigs@lists.sourceforge.net,
> Emerging-sigs@emergingthreats.net
> Message-ID: <alpine.LFD.2.01.1207300124250.1837@lenovo.localdomain>
> Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
>
> Hi,
> Im request on old sid 3193 to enhance pcre,
>
> old:
> pcre:"/.cmd\x22.*\x26.*/smi";
>
> new:
> pcre:"/\.cmd\x22.*?\x26/Ui";
>
> Fire with this URI:
> /a.cmd"a&
> /a.cmd%22a&
> /a.cmd"a%26
> /a.cmd%22a%26
>
> Regards
> Rmkml
>
> http://twitter.com/rmkml
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 29 Jul 2012 17:40:00 -0400
> From: Matt Jonkman <jonkman@jonkmans.com>
> Subject: Re: [Snort-sigs] [Emerging-Sigs] request enhance old sid 3193
> please
> To: rmkml <rmkml@yahoo.fr>
> Cc: Snort-sigs@lists.sourceforge.net,
> Emerging-sigs@emergingthreats.net
> Message-ID:
> <CAMHk8W=yaFMykz=7Kc3RMbDOUQS9CKorjvZ2svtRcjB0Sp8EVg@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Good catch, making the change now. (2103193 in the ET set)
>
> Matt
>
> On Sun, Jul 29, 2012 at 7:31 PM, rmkml <rmkml@yahoo.fr> wrote:
> > Hi,
> > Im request on old sid 3193 to enhance pcre,
> >
> > old:
> > pcre:"/.cmd\x22.*\x26.*/smi";
> >
> > new:
> > pcre:"/\.cmd\x22.*?\x26/Ui";
> >
> > Fire with this URI:
> > /a.cmd"a&
> > /a.cmd%22a&
> > /a.cmd"a%26
> > /a.cmd%22a%26
> >
> > Regards
> > Rmkml
> >
> > http://twitter.com/rmkml
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs@lists.emergingthreats.net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
> > Support Emerging Threats! Subscribe to Emerging Threats Pro
> > http://www.emergingthreatspro.com
> > The ONLY place to get complete premium rulesets for Snort 2.4.0 through
> > Current!
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 1 Aug 2012 13:00:38 -0400 (EDT)
> From: Research <research@sourcefire.com>
> Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> 2012-08-01
> To: snort-sigs@lists.sourceforge.net
> Message-ID: <20120801170038.3F8D26CC00F@sourcefire.com>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> The Sourcefire VRT has added and modified multiple rules in the
> blacklist, botnet-cnc, exploit, file-identify, file-other, file-pdf,
> indicator-obfuscation, specific-threats, sql, web-client and web-misc
> rule sets to provide coverage for emerging threats from these
> technologies.
>
> For a complete list of new and modified rules please see:
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-01.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFQGV4DaBoqZBVJfwMRAo81AJ9zEO7PTr2B2ByPWdn9k6shZ7KsKgCdF0oc
> OhvJr8B6DqJ9R+/B0SfziWg=
> =OuJD
> -----END PGP SIGNATURE-----
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 2 Aug 2012 15:33:53 -0400 (EDT)
> From: Research <research@sourcefire.com>
> Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> 2012-08-02
> To: snort-sigs@lists.sourceforge.net
> Message-ID: <20120802193353.18A2D6CC025@sourcefire.com>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> The Sourcefire VRT has added and modified multiple rules in the
> botnet-cnc, file-identify, indicator-obfuscation and web-php rule sets
> to provide coverage for emerging threats from these technologies.
>
> For a complete list of new and modified rules please see:
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-02.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFQGtNlaBoqZBVJfwMRAkf3AJ9/Omk0asIMX52PwELbS3pDzCK6FwCgnLhx
> oHhLU/dUmTNama2DimTnP9U=
> =EZZA
> -----END PGP SIGNATURE-----
>
>
>
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
> ------------------------------
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> End of Snort-sigs Digest, Vol 75, Issue 1
> *****************************************
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.3">
</HEAD>
<BODY>
non-member? lol.. i been getting emailsfor like 5 yrs. check your db. oh and if not, \
update me. thanks. pete<BR> <BR>
On Thu, 2012-08-02 at 21:20 +0000, snort-sigs-request@lists.sourceforge.net wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Send Snort-sigs mailing list submissions to
<A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>
To subscribe or unsubscribe via the World Wide Web, visit
<A HREF="https://lists.sourceforge.net/lists/listinfo/snort-sigs">https://lists.sourceforge.net/lists/listinfo/snort-sigs</A>
or, via email, send a message with subject or body 'help' to
<A HREF="mailto:snort-sigs-request@lists.sourceforge.net">snort-sigs-request@lists.sourceforge.net</A>
You can reach the person managing the list at
<A HREF="mailto:snort-sigs-owner@lists.sourceforge.net">snort-sigs-owner@lists.sourceforge.net</A>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-sigs digest..."
Today's Topics:
1. Sourcefire VRT Certified Snort Rules Update 2012-07-19 (Research)
2. little help with false positives? (Henri Reinikainen)
3. Sourcefire VRT Certified Snort Rules Update 2012-07-24 (Research)
4. request enhance old sid 3193 please (rmkml)
5. Re: [Emerging-Sigs] request enhance old sid 3193 please
(Matt Jonkman)
6. Sourcefire VRT Certified Snort Rules Update 2012-08-01 (Research)
7. Sourcefire VRT Certified Snort Rules Update 2012-08-02 (Research)
----------------------------------------------------------------------
Message: 1
Date: Thu, 19 Jul 2012 18:11:04 -0400 (EDT)
From: Research <<A \
HREF="mailto:research@sourcefire.com">research@sourcefire.com</A>>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
2012-07-19
To: <A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>
Message-ID: <<A HREF="mailto:20120719221104.5A8546CC013@sourcefire.com">20120719221104.5A8546CC013@sourcefire.com</A>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Snort Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
backdoor, botnet-cnc, chat, dos, exploit, file-identify, file-office,
file-other, file-pdf, ftp, policy, smtp, specific-threats, web-client
and web-php rule sets to provide coverage for emerging threats from
these technologies.
For a complete list of new and modified rules please see:
<A HREF="http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-19.html">http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-19.html</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFQCIOraBoqZBVJfwMRAnHaAJ0T8TPewWjUxlmGv4VOptp6oDj7kgCfTdl8
JJWyO6jT/+ZsMs4wURs32tU=
=b4+h
-----END PGP SIGNATURE-----
------------------------------
Message: 2
Date: Fri, 20 Jul 2012 08:32:03 +0300
From: Henri Reinikainen <<A \
HREF="mailto:henri@reinikainen.in">henri@reinikainen.in</A>>
Subject: [Snort-sigs] little help with false positives?
To: <<A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>>
Message-ID: <<A HREF="mailto:f173bae8b9893838cab70332e36ce149@rootservers.in">f173bae8b9893838cab70332e36ce149@rootservers.in</A>>
Content-Type: text/plain; charset=UTF-8; format=flowed
Hi
Does someone has time to educate me? Because I don't get it.
spamd-setup is running in cron hourly. Fetching spammer ip lists from
<A HREF="http://www.openbsd.org">www.openbsd.org</A> via http. Every time this fetch \
happens there's some alerts triggered.
# spamd-setup -d -b
Getting <A HREF="http://www.openbsd.org/spamd/traplist.gz">http://www.openbsd.org/spamd/traplist.gz</A>
blacklist uatraps 51709 entries
Getting <A HREF="http://www.openbsd.org/spamd/nixspam.gz">http://www.openbsd.org/spamd/nixspam.gz</A>
blacklist nixspam 40000 entries
sensitive_data: sensitive data global threshold exceeded
sensitive_data: sensitive data - eMail addresses
http_inspect: HTTP RESPONSE GZIP DECOMPRESSION FAILED
http_inspect: NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
I've checked connection with telnet and content of those lists. There
is nothing even remotely like e-mail addresses (well one). Other problem
with this is, that those list are downloaded to server, not uploaded. If
I understand correctly this rule should only be working in one
direction.
If I download these lists and decompress them by hand, there is no
decompression errors.
ipvar HOME_NET [xxx.xxx.xxx.xxx/32]
ipvar EXTERNAL_NET !$HOME_NET
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,20,25,143,110]
(msg:"SENSITIVE- DATA Email Addresses"; metadata:service http,
service smtp, service ftp-data , service imap, service pop3;
sd_pattern:20,email; classtype:sdf; sid:5; gid :138; rev:1;)
------------------------------
Message: 3
Date: Tue, 24 Jul 2012 12:34:03 -0400 (EDT)
From: Research <<A \
HREF="mailto:research@sourcefire.com">research@sourcefire.com</A>>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
2012-07-24
To: <A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>
Message-ID: <<A HREF="mailto:20120724163403.4FCF8D4055@sourcefire.com">20120724163403.4FCF8D4055@sourcefire.com</A>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Snort Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
backdoor, bad-traffic, blacklist, botnet-cnc, exploit, file-identify,
file-office, file-pdf, indicator-compromise, policy, scan, spyware-put,
web-client and web-php rule sets to provide coverage for emerging
threats from these technologies.
For a complete list of new and modified rules please see:
<A HREF="http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-24.html">http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-07-24.html</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFQDswIaBoqZBVJfwMRAhOIAJ0eh3t6YNwePdrk/CSPzBSh5NC9dwCeJ4FF
Tp7+DYJ+0ebxWXGhGD7etlo=
=e3Z2
-----END PGP SIGNATURE-----
------------------------------
Message: 4
Date: Mon, 30 Jul 2012 01:31:58 +0200 (CEST)
From: rmkml <<A HREF="mailto:rmkml@yahoo.fr">rmkml@yahoo.fr</A>>
Subject: [Snort-sigs] request enhance old sid 3193 please
To: <A HREF="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@lists.sourceforge.net</A>,
<A HREF="mailto:Emerging-sigs@emergingthreats.net">Emerging-sigs@emergingthreats.net</A>
Message-ID: <<A HREF="mailto:alpine.LFD.2.01.1207300124250.1837@lenovo.localdomain">alpine.LFD.2.01.1207300124250.1837@lenovo.localdomain</A>>
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
Hi,
Im request on old sid 3193 to enhance pcre,
old:
pcre:"/.cmd\x22.*\x26.*/smi";
new:
pcre:"/\.cmd\x22.*?\x26/Ui";
Fire with this URI:
/a.cmd"a&
/a.cmd%22a&
/a.cmd"a%26
/a.cmd%22a%26
Regards
Rmkml
<A HREF="http://twitter.com/rmkml">http://twitter.com/rmkml</A>
------------------------------
Message: 5
Date: Sun, 29 Jul 2012 17:40:00 -0400
From: Matt Jonkman <<A \
HREF="mailto:jonkman@jonkmans.com">jonkman@jonkmans.com</A>>
Subject: Re: [Snort-sigs] [Emerging-Sigs] request enhance old sid 3193
please
To: rmkml <<A HREF="mailto:rmkml@yahoo.fr">rmkml@yahoo.fr</A>>
Cc: <A HREF="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@lists.sourceforge.net</A>,
<A HREF="mailto:Emerging-sigs@emergingthreats.net">Emerging-sigs@emergingthreats.net</A>
Message-ID:
<<A HREF="mailto:CAMHk8W=yaFMykz=7Kc3RMbDOUQS9CKorjvZ2svtRcjB0Sp8EVg@mail.gmail.com">CAMHk8W=yaFMykz=7Kc3RMbDOUQS9CKorjvZ2svtRcjB0Sp8EVg@mail.gmail.com</A>>
Content-Type: text/plain; charset=ISO-8859-1
Good catch, making the change now. (2103193 in the ET set)
Matt
On Sun, Jul 29, 2012 at 7:31 PM, rmkml <<A \
HREF="mailto:rmkml@yahoo.fr">rmkml@yahoo.fr</A>> wrote: > Hi,
> Im request on old sid 3193 to enhance pcre,
>
> old:
> pcre:"/.cmd\x22.*\x26.*/smi";
>
> new:
> pcre:"/\.cmd\x22.*?\x26/Ui";
>
> Fire with this URI:
> /a.cmd"a&
> /a.cmd%22a&
> /a.cmd"a%26
> /a.cmd%22a%26
>
> Regards
> Rmkml
>
> <A HREF="http://twitter.com/rmkml">http://twitter.com/rmkml</A>
> _______________________________________________
> Emerging-sigs mailing list
> <A HREF="mailto:Emerging-sigs@lists.emergingthreats.net">Emerging-sigs@lists.emergingthreats.net</A>
> <A HREF="http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs">http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs</A>
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> <A HREF="http://www.emergingthreatspro.com">http://www.emergingthreatspro.com</A>
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through
> Current!
------------------------------
Message: 6
Date: Wed, 1 Aug 2012 13:00:38 -0400 (EDT)
From: Research <<A \
HREF="mailto:research@sourcefire.com">research@sourcefire.com</A>>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
2012-08-01
To: <A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>
Message-ID: <<A HREF="mailto:20120801170038.3F8D26CC00F@sourcefire.com">20120801170038.3F8D26CC00F@sourcefire.com</A>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Snort Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, botnet-cnc, exploit, file-identify, file-other, file-pdf,
indicator-obfuscation, specific-threats, sql, web-client and web-misc
rule sets to provide coverage for emerging threats from these
technologies.
For a complete list of new and modified rules please see:
<A HREF="http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-01.html">http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-01.html</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFQGV4DaBoqZBVJfwMRAo81AJ9zEO7PTr2B2ByPWdn9k6shZ7KsKgCdF0oc
OhvJr8B6DqJ9R+/B0SfziWg=
=OuJD
-----END PGP SIGNATURE-----
------------------------------
Message: 7
Date: Thu, 2 Aug 2012 15:33:53 -0400 (EDT)
From: Research <<A \
HREF="mailto:research@sourcefire.com">research@sourcefire.com</A>>
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
2012-08-02
To: <A HREF="mailto:snort-sigs@lists.sourceforge.net">snort-sigs@lists.sourceforge.net</A>
Message-ID: <<A HREF="mailto:20120802193353.18A2D6CC025@sourcefire.com">20120802193353.18A2D6CC025@sourcefire.com</A>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sourcefire VRT Certified Snort Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
botnet-cnc, file-identify, indicator-obfuscation and web-php rule sets
to provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
<A HREF="http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-02.html">http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-08-02.html</A>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFQGtNlaBoqZBVJfwMRAkf3AJ9/Omk0asIMX52PwELbS3pDzCK6FwCgnLhx
oHhLU/dUmTNama2DimTnP9U=
=EZZA
-----END PGP SIGNATURE-----
------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. <A HREF="http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/">http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/</A>
------------------------------
_______________________________________________
Snort-sigs mailing list
<A HREF="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@lists.sourceforge.net</A>
<A HREF="https://lists.sourceforge.net/lists/listinfo/snort-sigs">https://lists.sourceforge.net/lists/listinfo/snort-sigs</A>
<A HREF="http://www.snort.org">http://www.snort.org</A>
Please visit <A HREF="http://blog.snort.org">http://blog.snort.org</A> for the latest \
news about Snort!
End of Snort-sigs Digest, Vol 75, Issue 1
*****************************************
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic