RE: [Snort-users] Bleeding Rules not detecting

Check to make sure the CONFIG you are using for snort includes these rules 
(maybe lost them when switching from 2.3 - 2.4)

I forgot to put the bleeding rules into the new 2.4 config when I updated 
and was wondering why I was not getting BLEEDING-EDGE Hits, DFO.

Shirkdog
http://www.shirkdog.us




> From: "Brian Blake" <BBlake@AmericanBackground.com>
> To: <snort-users@lists.sourceforge.net>
> Subject: RE: [Snort-users] Bleeding Rules not detecting
> Date: Fri, 19 Aug 2005 10:13:46 -0400
>
> var $RULE_PATH /etc/snort/
>
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net]On Behalf Of M. Shirk
> Sent: Friday, August 19, 2005 10:09 AM
> To: snort-users@lists.sourceforge.net
> Subject: RE: [Snort-users] Bleeding Rules not detecting
>
>
> Where is the $RULE_PATH variable pointing too...
>
> Shirkdog
> http://www.shirkdog.us
>
>
>
>
> >From: "Brian Blake" <BBlake@AmericanBackground.com>
> >To: <snort-users@lists.sourceforge.net>
> >Subject: [Snort-users] Bleeding Rules not detecting
> >Date: Fri, 19 Aug 2005 09:44:06 -0400
> >
> >To all:
> >
> >Until recently the bleeding edge rules worked great, little noisy, but
> >great none the less.  Then, after doing an update about 1 month ago, the
> >alerts stopped showing up.  Due to time constraints I have not been able 
> to
> >troubleshoot this recently.
> >
> >Snort Version 2.4
> >My snort config:
> >
> >var HOME_NET x.x.0.0/22
> >var EXTERNAL_NET ANY
> >.
> >.
> >.
> >include $RULE_PATH/bleeding.rules
> >include $RULE_PATH/bleeding-malware.rules
> >include $RULE_PATH/bleeding-virus.rules
> >include $RULE_PATH/bleeding-policy.rules
> >include $RULE_PATH/bleeding-p2p.rules
> >include $RULE_PATH/bleeding-exploit.rules
> >include $RULE_PATH/bleeding-web.rules
> >include $RULE_PATH/bleeding-attack_response.rules
> >include $RULE_PATH/bleeding-dos.rules
> >include $RULE_PATH/bleeding-scan.rules
> >include $RULE_PATH/bleeding-inappropriate.rules
> >include $RULE_PATH/bleeding-custom.rules
> >include $RULE_PATH/bleeding-game.rules
> >
> >Any ideas as to how to get these to work again?  Or good ways to test 
> them?
> >  My snort-rules emails used to send up false positives, which I am not
> >getting anymore.
> >
> >TIA
> >
> >Brian Blake
> >Security Technician
> >American Background Information Services, Inc.
> >
> >
> >
> >
> >
> >
> >-------------------------------------------------------
> >SF.Net email is Sponsored by the Better Software Conference & EXPO
> >September 19-22, 2005 * San Francisco, CA * Development Lifecycle 
> Practices
> >Agile & Plan-Driven Development * Managing Projects & Teams * Testing & 
> QA
> >Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users@lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _________________________________________________________________
> Express yourself instantly with MSN Messenger! Download today - it's FREE!
> http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
>
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users