List:       snort-users
Subject:    Re: [Snort-users] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 08/29/2013
From:       Joel Esler <jesler () sourcefire ! com>
Date:       2013-08-29 23:51:38
Message-ID: 3472E23A-CF5D-40A0-9FE5-C7FD6642E639 () sourcefire ! com

We add ports occasionally when we write a rule that requires it.  If we need to do
HTTP reassembly on a nonstandard port, we will add one.

--
Joel Esler

> On Aug 29, 2013, at 7:34 PM, "Jefferson, Shawn" <Shawn.Jefferson@bcferries.com> wrote:
>
> Thanks Joel. Does the VRT team ever explain why they've added these ports to those
> configs?  I don't see that anywhere in the blog post.
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler@sourcefire.com] 
> Sent: Thursday, August 29, 2013 4:27 PM
> To: snort-users; Snort-sigs list
> Subject: [Snort-users] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 08/29/2013
>
> I don't always send these out to the mailing lists, as they are already sent out in
> another form, but since we had some snort.conf updates in this release, I thought
> I'd make double sure!
>
> http://blog.snort.org/2013/08/sourcefire-vrt-certified-snort-rules_29.html
> 
> Just released:
> Sourcefire VRT Certified Snort Rules Update for 08/29/2013
> 
> We welcome the introduction of the newest rule release for today from the VRT. In
> this release we introduced 45 new rules and made modifications to 37 additional
> rules.
>
> There were changes made to the snort.conf in this release:
> The following ports were added to HTTP_PORTS, http_inspect, and stream5 (ports both):
> 36
> 818
> 801
> 972
> 4000
> 
> The example Snort.conf's have been updated here:
> http://www.snort.org/vrt/snort-conf-configurations/
> 
> The VRT would like to thank the following individuals for their contributions,
> their rules are included in the Community Ruleset:
> James Lay:
> 27726
> 27727
> 27728
> 
> In VRT's rule release: 
> The Sourcefire VRT has added and modified multiple rules in the blacklist,
> browser-ie, browser-plugins, deleted, exploit-kit, file-flash, file-java,
> file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc,
> os-mobile, protocol-dns, pua-adware, server-apache, server-mail, server-other and
> sql rule sets to provide coverage for emerging threats from these technologies.
> 
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
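
The announcement quoted above names three places in snort.conf that received the same ports: HTTP_PORTS, http_inspect, and stream5 (ports both). The following is an added example, not part of the original messages and not VRT code, that checks a locally maintained snort.conf for drift between those three locations. The sample configuration, the function names and the plain-list-only parsing of the portvar are assumptions made for illustration.

```python
import re

# Ports named in the 08/29/2013 announcement quoted above.
ADDED_PORTS = {36, 818, 801, 972, 4000}

# Constructed sample for illustration; not the VRT's shipped snort.conf.
SAMPLE_CONF = r"""
portvar HTTP_PORTS [36,80,801,818,972,4000,8080]
preprocessor http_inspect_server: server default \
    profile all ports { 36 80 801 818 972 8080 } \
    oversize_dir_length 500
preprocessor stream5_tcp: policy windows, timeout 180, \
    ports client 21 22 23 25, \
    ports both 80 818 972 4000 8080
"""

def ports_by_location(conf):
    """Collect the ports configured in each of the three places."""
    # snort.conf continues a directive with a trailing backslash.
    conf = re.sub(r"\\[ \t]*\n", " ", conf)
    found = {"HTTP_PORTS": set(), "http_inspect": set(), "stream5 ports both": set()}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"portvar\s+HTTP_PORTS\s+\[([^\]]*)\]", line)
        if m:
            # Assumption: a plain port list, no ranges or negation.
            found["HTTP_PORTS"].update(int(p) for p in re.findall(r"\d+", m.group(1)))
        elif line.startswith("preprocessor http_inspect_server"):
            for body in re.findall(r"\bports\s*\{([^}]*)\}", line):
                found["http_inspect"].update(int(p) for p in body.split())
        elif line.startswith("preprocessor stream5_tcp"):
            for body in re.findall(r"\bports\s+both\s+([\d\s]+)", line):
                found["stream5 ports both"].update(int(p) for p in body.split())
    return found

def missing_ports(conf, required=ADDED_PORTS):
    """Map each location to the required ports it lacks (empty dict = in sync)."""
    found = ports_by_location(conf)
    return {loc: sorted(required - have) for loc, have in found.items() if required - have}

if __name__ == "__main__":
    for loc, ports in missing_ports(SAMPLE_CONF).items():
        print(f"{loc}: missing {ports}")
```

A port present in HTTP_PORTS but absent from http_inspect or from stream5's "ports both" list is reported per location, which is the mismatch to look for after merging the updated example configs into a customized snort.conf.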
