Re: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

Just to make sure there is no confusion, this is regarding the 
vulnerability found in the Back Orifice preprocessor in Snort 
2.4.0-2.4.2. Snort 2.4.3 has been released to correct the issue and 
provide detection capabilities for attempts to exploit the 
vulnerability. This was announced on the site and mailing lists on 
October 18, 2005 at 9:18am EDT.

Complete details are available at 
http://www.snort.org/rules/advisories/snort_update_20051018.html.

As always, let me know if anyone has any questions.

Thanks,
Jennifer

Michael Steele wrote:
> I found this:
>
> http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=17230
> 2520
>
> No mention on Snort.org or in the list.
>
> Kindest regards,
> Michael...
>
> WINSNORT.com Management Team Member
> --
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support@winsnort.com
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: snort-users-admin@lists.sourceforge.net
> [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Igor Belikov
> Sent: Thursday, October 20, 2005 12:18 AM
> To: snort-users@lists.sourceforge.net
> Subject: Re[2]: [Snort-users] need help configuring snort + barnyard
>
> Hello Chris,
>
> Wednesday, October 19, 2005, 7:31:05 PM, you wrote:
>
> CE> |   I configured snort to write both alert and log files in unified
> CE> |   format. But I can't configure barnyard properly to store in DB
> CE> |   detailed info about alerts.
> CE> | 
> CE> |   Barnyard "watch" alert files and stores info about alerts, but I
> CE> |   need also store whole packets caused alert.
>
> CE> It seems you don't need to have snort write both unified files.  All the
> CE> required info seems to be in the unified "log" file, so this is what you
> CE> want barnyard to read.  It's not at all clear to us what info is in the
> CE> unified "alert" file that's not *also* in the unified "log" file.  So we
> CE> don't write a unified "alert" file at all.
>
> It's sounds good, but I still can't configure snort + barnyard.
>
> Last configs:
>
>   - snort:
>
> output log_unified: filename snort.log, limit 128
>
>   - barnyard:
>
> output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user
> xxxxx, password xxxxx, detail full
>
> In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
> (with correct link to snort.log) and "alert" (with alerts produced by
> snort).
>
> Watching log files I see that barnyard works (link in waldo file
> follows growing snort.log), but I don't get any new alerts in DB.
>
> Using previous variant of configs (using unified alert) barnyard put
> all alerts in DB.
>
> Please, point me where I make mistake.


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users