'[Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 04/25/2013'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 04/25/2013
From:       Joel Esler <jesler () sourcefire ! com>
Date:       2013-04-29 14:12:32
Message-ID: 15AF6F6C-0E4F-42CF-ABC8-F62CEACDBB2E () sourcefire ! com
[Download RAW message or body]


http://blog.snort.org/2013/04/sourcefire-vrt-certified-snort-rules_29.html

Sourcefire VRT Certified Snort Rules Update for 04/25/2013


We welcome the introduction of the newest rule release from the VRT. In this release \
we introduced 26 new rules and made modifications to 12 additional rules. 

There were changes made to the snort.conf in this release.

The following ports were added to the HTTP_PORTS, stream5 "both" attribute, and \
http_inspect's "ports" attribute line:

82
83
84
85
86
87
88
89
3057
6080

The lines now look like this (for easy copy and paste):

HTTP_PORTS:
portvar HTTP_PORTS [80,81,82,83,84,85,86,87,88,89,311,383,591,593,631,901,1220,1414,17 \
41,1830,2301,2381,2809,3037,3057,3128,3702,4343,4848,5250,6080,6988,7000,7001,7144,714 \
5,7510,7777,7779,8000,8008,8014,8028,8080,8085,8088,8090,8118,8123,8180,8181,8222,8243 \
,8280,8300,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555] \


Stream5:
ports both 80 81 82 83 84 85 86 87 88 89 110 311 383 443 465 563 591 593 631 636 901 \
989 992 993 994 995 1220 1414 1830 2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 \
6080 6988 7907 7000 7001 7144 7145 7510 7802 7777 7779 \ 7801 7900 7901 7902 7903 \
7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \ 7917 7918 7919 7920 \
8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8222 8243 8280 8300 8800 8888 \
8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555 

http_inspect:
ports { 80 81 82 83 84 85 86 87 88 89 311 383 591 593 631 901 1220 1414 1741 1830 \
2301 2381 2809 3037 3057 3128 3702 4343 4848 5250 6080 6988 7000 7001 7144 7145 7510 \
7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 \
8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 \
55555 }

And as indicated here: \
http://blog.snort.org/2013/04/master-snortconf-configurations-have.html, the \
snort.conf configurations that we distribute have been updated. 

In VRT's rule release: 
The Sourcefire VRT has added and modified multiple rules in the browser-other, \
browser-plugins, exploit-kit, file-flash, file-identify, file-multimedia, file-other, \
file-pdf, malware-cnc, scada and server-webapp rule sets to provide coverage for \
emerging threats from these technologies.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic