
[Snort-sigs] UPDATE TO BLEEDINGSNORT RULESETS!!!!

Subject: [Snort-sigs] UPDATE TO BLEEDINGSNORT RULESETS!!!!
Date: Tue, 07 Sep 2004 22:46:16 -0500
We've had a lot of interest and new rules submitted in the virus and worm arena since we started bleedingsnort. That's been a difficult thing to do in the official sets because of the speed of propagation and the number of variations that are inevitably seen for any successful worm or virus.

The Bleeding snort project is better suited to handle the change load, and so we're going to fork another set of rules called the bleeding-virus ruleset. This will be handled just like the bleeding-malware ruleset. It'll be a separate text file available direct or via the tarballs we distribute.

READ THIS IF YOU'RE JUST SKIMMING THIS EMAIL!!!

You need to add this to your snort.conf:
include $RULE_PATH/bleeding-virus.rules

YOU MAY CONTINUE SKIMMING.....

We don't intend to do a significant amount of future ruleset forking. This and the malware set are forked because of their disparate interest, and the amount of changes each will endure. Many admins using bleeding rulesets use just one or the other but not both, or don't want certain sets on certain sensors. This makes it easier for you to comment out an entire ruleset rather than tracking and disabling sids, etc.

These changes will be reflected in the bleeding snort rules shortly.

We'd also like to thank Michael Sconzo and his peers at the Netsquid project. We'll be pulling their rules into the new virus rulesets on bleedingsnort.com. They've done some great signature work, and have a very effective tool. We recommend giving it a look if you've got a relatively uncontrolled net that needs some taming (like a university network, etc). http://netsquid.tamu.edu/main.html

And as always, please speak up if any of these changes break something, have typos (which we're really good at), or you see a better way to do it.

Thanks

Matt

