[Snort-sigs] Bleedingsnort.com Daily Update

Jose Maria Lopez jkerouac at ...2755...
Tue Aug 31 13:38:42 EDT 2004


On Tue, 31 Aug 2004 at 03:00, matt at ...2436... wrote:
> [***] Results from Oinkmaster started Mon Aug 30 20:00:01 2004 [***]
> 
> [///]     Modified active rules:     [///]
> 
>      -> Modified active in bleeding.rules (2):
>         old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA trojan activity"; content:"CIA 1."; content:"pass"; classtype:trojan-activity; sid:2001234; rev:1;)
>         new: alert ip any any -> any any (msg:"BLEEDING-EDGE Win32/Small.AR outbound activity"; uricontent:"/zosman/cia/index.php"; classtype:trojan-activity; sid:2001234; rev:2;)
>         old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA Trojan/Backdoor download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:1;)
>         new: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible Win32/Small.AR download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:2;)
> 
> [+++]      Added non-rule lines:     [+++]
> 
>      -> Added to bleeding-sid-msg.map (2):
>         2001233 || BLEEDING-EDGE Possible Win32/Small.AR download/upload attempt
>         2001234 || BLEEDING-EDGE Win32/Small.AR outbound activity
> 
> [---]     Removed non-rule lines:    [---]
> 
>      -> Removed from bleeding-sid-msg.map (2):
>         2001233 || BLEEDING-EDGE Possible CIA Trojan/Backdoor download/upload attempt
>         2001234 || BLEEDING-EDGE Possible CIA trojan activity
> 
> [*] Added files: [*]
>     None.

I have read this message and I would like to know if oinkmaster
is really capable of getting the new rules and adding them without
touching the rules I have changed. This could be very important
for me, because when I install snort for a client they always want
the rules to be updated automatically, but I always need to touch them
to make a good IDS.

So my question is: are you using oinkmaster to do this work? Could
it do what I want it to do?

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...2755...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
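The Oinkmaster report quoted above only lists old/new rule pairs; it does not tell you which of those sids you had edited by hand. The following is an added example (not from this thread or from the Oinkmaster project) that parses that "Modified active rules" block, diffs the rule options per sid, and flags the sids you have modified locally, which are the ones to pin with Oinkmaster's `localsid` directive so an automatic update does not overwrite them. The sample report text is copied from the message and the `local_sids` set is an assumption.

```python
import re

# Constructed sample: the "Modified active rules" block of the Oinkmaster
# report quoted above (two old/new pairs from bleeding.rules).
REPORT = """\
old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA trojan activity"; content:"CIA 1."; content:"pass"; classtype:trojan-activity; sid:2001234; rev:1;)
new: alert ip any any -> any any (msg:"BLEEDING-EDGE Win32/Small.AR outbound activity"; uricontent:"/zosman/cia/index.php"; classtype:trojan-activity; sid:2001234; rev:2;)
old: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible CIA Trojan/Backdoor download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:1;)
new: alert ip any any -> any any (msg:"BLEEDING-EDGE Possible Win32/Small.AR download/upload attempt"; content:"|6C 75 66 6A 65 6F 6F|"; classtype:trojan-activity; sid:2001233; rev:2;)
"""

# option:value; pairs; a quoted value may contain ';' so it is matched first
OPTION_RE = re.compile(r'(\w+):("(?:[^"\\]|\\.)*"|[^;]*);')

def parse_rule(rule):
    """Split a Snort rule into (header, [(option, value), ...])."""
    header, _, body = rule.partition("(")
    opts = [(k, v.strip('"')) for k, v in OPTION_RE.findall(body.rstrip().rstrip(")"))]
    return header.strip(), opts

def parse_modified(report):
    """Pair each 'old:' line with the 'new:' line that follows it, keyed by sid."""
    changes, old = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("old: "):
            old = parse_rule(line[5:])
        elif line.startswith("new: ") and old is not None:
            new = parse_rule(line[5:])
            changes[int(dict(new[1])["sid"])] = (old, new)
            old = None
    return changes

def diff_options(old, new):
    """Return {option: (old_values, new_values)} for every option that changed."""
    out = {}
    for k in sorted({k for k, _ in old[1]} | {k for k, _ in new[1]}):
        a = [v for kk, v in old[1] if kk == k]
        b = [v for kk, v in new[1] if kk == k]
        if a != b:
            out[k] = (a, b)
    return out

def review(report, local_sids):
    """Summarise each upstream-modified sid and flag the ones you edited locally
    (assumed set): those are the candidates for Oinkmaster's 'localsid' directive,
    or for re-applying your change by hand after the update."""
    return {sid: {"changed": diff_options(old, new), "locally_modified": sid in local_sids}
            for sid, (old, new) in parse_modified(report).items()}
```

Running `review(REPORT, {2001234})` shows that sid 2001234 moved from two `content` matches to a single `uricontent` match, while sid 2001233 only changed its `msg` and `rev`.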