
List:       snort-sigs
Subject:    Re: [Snort-sigs] about rules commented
From:       "Joel Esler (jesler)" <jesler () cisco ! com>
Date:       2015-05-29 13:10:44
Message-ID: 2A5FC35B-84E2-4236-B034-97688F959959 () cisco ! com

On May 27, 2015, at 11:16 PM, Diego Batigoal <diegobatigoal@yahoo.com.au> wrote:

Hi Waldo,

On the Certified Ethical Hacker v8 module on pg. 861. I have to apply a few steps.
I have attached a pdf so you can have a look and have a better view.
Let me know if you are not able to view it.


Looks like you are looking for an ICMP rule.  Take a look at protocol-icmp.rules?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com




On Thursday, 28 May 2015, 12:39, waldo kitty <wkitty42@windstream.net> wrote:


On 05/27/2015 07:24 PM, Diego Batigoal wrote:
> I realized that and still struggling with this step.  Maybe somebody that had
> done the same training (CEH v8) could help.

what step? what training, where?

> I can't proceed from this step onwards.  I have found the missing rules but can't
> seem to find the one I want.

what, exactly are you looking for? it is starting to sound like the training
""manual"" is out of date... that's real easy to happen with snort and its rules
because of the way snort is updated and older versions are retired with no
support at all...

--
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.


------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!


<CEH v8 Labs Module 17 Evading IDS, Firewalls and Honeypots 16.pdf>