Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-sigs] Bleedingsnort.com Daily Update

from [Jose Maria Lopez] Network Security [Permanent Link]
Subject: Re: [Snort-sigs] Bleedingsnort.com Daily Update
Date: 01 Sep 2004 19:53:45 +0200 
El miÃ, 01 de 09 de 2004 a las 07:24, Hugo van der Kooij escribiÃ:

On Tue, 31 Aug 2004, Jose Maria Lopez wrote:


I have read this message and I would like to know if oinkmaster
it's really capable of getting the new rules and add them without
touching the rules I have changed. This could be very important
for me, because when I install snort to a client they always want
rules to be updated automatically, but I always need to touch them
to make a good IDS.

So my question is: are you using oinkmaster to do this work? could
it do what I want it to do?


No.

Because the moment you change a rule you are out of sync and need to claim
your own ID and not leave the original ID in.

However, if you make sure any rule you change get's it's own unique ID
(say add 4500000 to the ID) you can then disable any changed ID from the
original list as documented in oinkmaster.

But the only way to know if it works is to try it.


I'll give it a try, because what I mainly do it's to comment or
uncomment rules, or add new ones. I don't usually change the main
rules, so maybe it could work for me.



And I would never install an IDS with automatic rules like the ones on
bleedingsnort unless you have 24/7 acccess to the system and a
knowledgeable admin.



Yes, that sounds sensible. What I mainly want is to add the new rules
from the snort.org site, and maybe once a week add the rules I found
useful from bleedingsnort by hand. The idea is to have a daily update
of the snort.org rules and integrate this with my own changes and the
bleedingsnort useful rules by hand.


Hugo.


Thanks for your advice.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&opÌk
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Next by Date:  [Snort-sigs] Bleedingsnort.com Daily Update, matt
Previous by Thread:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Next by Thread:  Re: [Snort-sigs] Bleedingsnort.com Daily Update, Jose Maria Lopez
Indexes:  [Date] [Thread] [Top] [All Lists]