[Snort-sigs] If You're Using Bleeding Snort Rules Read This!!

Joel Esler eslerj at ...2420...
Thu Jun 9 10:55:23 EDT 2005


Makes sense, sorry. Would help if I would have... read the signatures.

On 6/9/05, Matt Jonkman <matt at ...2436...> wrote:
> 
> Any doesn't work in this case or it'd have been done. The ssh var is
> needed to be excluded, to tell us about ssh on other ports. Ports that
> are not authorized.
> 
> Ya, vars will be a good thing for ossrc to handle. But still, I'm sure
> new vars will be added in the future. We all have to be watching and
> have tools that can easily integrate new vars.
> 
> Matt
> 
> Joel Esler wrote:
> > Wouldn't it be just as efficient to add "any" instead of "$SSH_PORTS"
> > or whatever the var is? I mean.. really.. I think that settles the
> > whole document. On the other hand, I would recommend turning "var"s
> > over to either OSSRC or sourcefire themselves. It's their product!
> > They should build it into the snort.conf that comes with it if it's that
> > big a deal for a few rules.
> >
> > I'd much rather go with the "any" statement.
> >
> > J
> >
> >
> > On Jun 9, 2005, at 12:37 AM, Frank Knobbe wrote:
> >
> >> On Wed, 2005-06-08 at 23:29 -0500, Eric Maheo wrote:
> >>
> >>> I think OSSRC should also be the provider of VARIABLES.
> >>
> >>
> >> LOL!! How is that different? If OSSRC adds a variable, and you still
> >> don't pay attention, you still have the same shit hitting the same fan.
> >>
> >> Get a clue. You dropped the ball. Suck it up and get over it. That's
> >> hardly a topic to keep alive on a list dealing with sigs.
> >>
> >> -Frank
> >>
> >
> >
> >
> 
> --
> --------------------------------------------
> Matthew Jonkman, CISSP
> Senior Security Engineer
> Infotex
> 765-429-0398 Direct Anytime
> 765-448-6847 Office
> 866-679-5177 24x7 NOC
> my.infotex.com <http://my.infotex.com>
> www.offsitefilter.com <http://www.offsitefilter.com>
> www.bleedingsnort.com <http://www.bleedingsnort.com>
> --------------------------------------------
> 



-- 
Joel Esler
BASE Project Lead
http://sourceforge.net/projects/secureideas
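
The distinction made in the quoted reply, shown as an added example that is not part of the thread or of the Bleeding Snort rule set: a negated port variable alerts only on SSH seen off the authorized ports, while `any` also fires on the authorized port, and a rule that references a variable missing from snort.conf can be flagged before the rules are loaded. The config lines, rule headers, sids and the names `SSH_PORTS` and `RDP_PORTS` are constructed assumptions; the evaluator handles only `any`, a single port, a closed `lo:hi` range and a leading `!`.

```python
import re

# Constructed sample input (not from the thread): a snort.conf fragment and
# three rule headers with no detection options. SSH_PORTS is an assumed name.
SNORT_CONF = """\
var HOME_NET 192.168.0.0/16
var SSH_PORTS 22
"""
RULES = """\
alert tcp any any -> $HOME_NET !$SSH_PORTS (msg:"constructed: SSH off authorized port"; sid:1000001;)
alert tcp any any -> $HOME_NET any (msg:"constructed: SSH on any port"; sid:1000002;)
alert tcp any any -> $HOME_NET $RDP_PORTS (msg:"constructed: rule using a new var"; sid:1000003;)
"""

def parse_vars(conf):
    """Collect 'var NAME value' definitions from snort.conf text."""
    return dict(re.findall(r"^\s*var\s+(\w+)\s+(\S+)", conf, re.M))

def undefined_vars(rules, defined):
    """Map sid -> variable names the rule header uses but the config lacks."""
    missing = {}
    for line in rules.splitlines():
        sid = re.search(r"sid:(\d+);", line)
        names = set(re.findall(r"\$(\w+)", line.split("(", 1)[0])) - set(defined)
        if sid and names:
            missing[int(sid.group(1))] = sorted(names)
    return missing

def dst_port_matches(rule, defined, port):
    """Evaluate the destination-port field of one rule header for one port.
    Raises KeyError if the field references an undefined variable."""
    spec = rule.split(None, 7)[6]          # action proto src sport dir dst DPORT
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec.startswith("$"):
        spec = defined[spec[1:]]
    if spec == "any":
        hit = True
    else:
        lo, _, hi = spec.partition(":")
        hit = int(lo) <= port <= int(hi or lo)
    return hit != negate                    # '!' inverts the match

if __name__ == "__main__":
    v = parse_vars(SNORT_CONF)
    print("undefined vars by sid:", undefined_vars(RULES, v))
    for port in (22, 2222):
        neg, anyp = (dst_port_matches(r, v, port) for r in RULES.splitlines()[:2])
        print(f"port {port}: !$SSH_PORTS fires={neg}, any fires={anyp}")
```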