Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] Bleedingsnort.com Daily Update

from [Jose Maria Lopez] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] Bleedingsnort.com Daily Update
Date: 01 Sep 2004 19:53:49 +0200 
El miÃ, 01 de 09 de 2004 a las 12:51, Andreas Ãstling escribiÃ:

FYI, there are some changes in the upcoming Oinkmaster 1.1 that will let you 
specify SIDs that should never be updated (i.e. rules to always keep the 
local version of, even if the new version is different). 



That would be interesting, but I don't usually change the rules, just
enable or disable them, so the actual version seems ok for me. Anyway
I will check it, because I want to check also the flexresp2 feature of
snort 2.2 and then I will probably have to change some rules.


Personally I'm not too thrilled about this feature because I think that this 
is usually not the best way to solve the problem. I prefer the way Hugo 
suggested, or by applying a simple substitution expression on rules that need 
to be slightly customized after each update by using 'modifysid' in 
Oinkmaster. (By customized I mean modified in other ways than simply enabling 
or disabling them).

The changes are in
http://oinkmaster.sourceforge.net/oinkmaster-snapshot.tar.gz
if you want to try it. The included oinkmaster.conf and the FAQ (mostly Q21) 
contains some docs regarding this issue, but keep in mind that they very much 
reflect my personal opinions and those may not be valid in your 
environment :)

/Andreas



Thanks for your advice.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&opÌk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Next by Date:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Previous by Thread:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Andreas Östling
Next by Thread:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Indexes:  [Date] [Thread] [Top] [All Lists]