Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Snort updates and a new ruleset

from [Matt Jonkman] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Snort updates and a new ruleset
Date: Tue, 14 Dec 2004 20:43:30 -0500
The custom ruleset we enabled a week or so ago was orogonally just a grep of all rules that had been disabled by default. The idea was to give folks a way to easily look at everything that's disabled and decide if they want to use it themselves. There was a lot of interest there, and some new rules that do need that consideration. So we're turning it into a real ruleset. That's done now. You'll need to add to your snort.conf:

include $RULE_PATH/bleeding-custom.rules

Unless you're just running the full ruleset. These will all be disabled by default. You can view what's there now at
http://www.bleedingsnort.com/bleeding-custom.rules

We will be slowly moving more of the disabled rules there as we go. The goal being that every rule in other rulesets is active and safe to use by default. Anything that can't fit that criteria will move to the custom set where you'll have to take a look yourself.

You'll see a lot of junk in today's update, ignore most of it, that reflects the change here.

Feedback welcome as always.

Matt


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] Bleeding Snort updates and a new ruleset, Matt Jonkman <=
Previous by Date:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Date:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Previous by Thread:  [Snort-sigs] False +ves for SID 2657 :EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt, Russell Fulton
Next by Thread:  [Snort-sigs] Snort Alert 1:3003:0 NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt, Taylor, Graham
Indexes:  [Date] [Thread] [Top] [All Lists]