[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

Nigel Houghton nhoughton at ...435...
Tue Nov 17 14:57:32 EST 2009


On Tue, Nov 17, 2009 at 2:22 PM, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> Negative, this is not resolved.
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> loads correctly and contains two HREFs to the Change log itself, one for
> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html
> is HTTP 404.
> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html
> is HTTP 404.
>
> C'mon guys.  Many of us depend on these Change Logs before we blindly
> push out these VRT rules and the inability to correctly manage these
> Changelogs reflect poorly on you (SourceFire), especially when there's a
> 4 day lapse in response when the issue was initially reported and still
> it has not been resolved correctly.
>
> -evilghost
>
> Mike Guiterman wrote:
>> This has been fixed.  Thanks for the report.
>>
>> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <
>> evilghost at ...3397...> wrote:
>>
>>
>>> The changelog is HTTP 404.
>>>
>>> research at ...435... wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>>
>>>> Sourcefire VRT Certified Snort Rules Update
>>>>
>>>> Synopsis:
>>>> This release adds and modifies rules in several categories.
>>>>
>>>> Details:
>>>> As a result of ongoing research, the Sourcefire VRT has added multiple
>>>> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
>>>> rule sets to provide coverage for emerging threats from these
>>>> technologies.
>>>>
>>>> For a complete list of new and modified rules please see:
>>>>
>>>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>>>
>>>> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
>>>> E3O1jvr9wb3Hy+DPpQ2RGLw=
>>>> =c3JW
>>>> -----END PGP SIGNATURE-----
>>>>
>>>>
>>>>
>>> ------------------------------------------------------------------------------
>>>
>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>>
>>> 30-Day
>>>
>>>> trial. Simplify your report design, integration and deployment - and
>>>>
>>> focus on
>>>
>>>> what you do best, core application coding. Discover what's new with
>>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>>> _______________________________________________
>>>> Snort-sigs mailing list
>>>> Snort-sigs at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>
>>>>
>>>>
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>>> trial. Simplify your report design, integration and deployment - and focus
>>> on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>
>>>
>>
>>
>


If you use pulled pork to download your rules, it will show all the
changes, including the shared object rules.

This is a much better way of looking at what you are about to deploy
than a page on a web site. Hopefully, the next release of pulled pork
will give you the option of creating a changelog file. This way you
can see the changes between what you have and what you are getting, as
opposed to the changes between subsequent files.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-sigs mailing list