[Snort-sigs] Snort-sigs Digest, Vol 42, Issue 3

PR oly562 at ...796...
Tue Nov 17 18:41:32 EST 2009


question - what is the offical way to update sigs/rules now for 
non-paying users. and does oinkmaster grab these at what address? mine 
address is not working. --  snortrules-snapshot-2.8.tar.gz
from snort.org.

what should i do? thanks. sorry pasting here, my bad. oly

snort-sigs-request at lists.sourceforge.net wrote:
> Send Snort-sigs mailing list submissions to
> 	snort-sigs at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/snort-sigs
> or, via email, send a message with subject or body 'help' to
> 	snort-sigs-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> 	snort-sigs-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-sigs digest..."
>
>
> Today's Topics:
>
>    1. AUTO: CN=Paul Drapeau/OU=BOS1/O=VRTX is out of the	office.
>       (Paul_Drapeau at ...1594...)
>    2. Re: Sourcefire VRT Certified Snort Rules Update (Mike Guiterman)
>    3. Re: Sourcefire VRT Certified Snort Rules Update
>       (evilghost at ...3397...)
>    4. Re: Sourcefire VRT Certified Snort Rules Update (Nigel Houghton)
>    5. Re: Sourcefire VRT Certified Snort Rules Update
>       (evilghost at ...3397...)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 13 Nov 2009 22:00:34 -0500
> From: Paul_Drapeau at ...1594...
> Subject: [Snort-sigs] AUTO: CN=Paul Drapeau/OU=BOS1/O=VRTX is out of
> 	the	office.
> To: snort-sigs at lists.sourceforge.net
> Message-ID:
> 	<OF49F2A737.7DA63F07-ON8525766E.00108849-8525766E.00108849 at ...1594...>
> Content-Type: text/plain; charset="us-ascii"
>
>
>
> I will be out of the office starting Tue 11/10/2009 and will not return
> until Mon 11/16/2009.
>
> I will respond to your message when I return.
>
>
> Note: This is an automated response to your message  "Snort-sigs Digest,
> Vol 42, Issue 2" sent on 11/13/2009 4:48:24 PM.
>
> You will receive a notification for each message you send to this person
> while the person is away.
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Tue, 17 Nov 2009 14:04:58 -0500
> From: Mike Guiterman <mguiterman at ...435...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: "evilghost at ...3397..." <evilghost at ...3397...>
> Cc: "snort-sigs at lists.sourceforge.net"
> 	<snort-sigs at lists.sourceforge.net>
> Message-ID:
> 	<9ff4f37d0911171104t6c8a1596nfaf3cb98db6345d4 at ...2421...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> This has been fixed.  Thanks for the report.
>
> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <
> evilghost at ...3397...> wrote:
>
>   
>> The changelog is HTTP 404.
>>
>> research at ...435... wrote:
>>     
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> Sourcefire VRT Certified Snort Rules Update
>>>
>>> Synopsis:
>>> This release adds and modifies rules in several categories.
>>>
>>> Details:
>>> As a result of ongoing research, the Sourcefire VRT has added multiple
>>> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
>>> rule sets to provide coverage for emerging threats from these
>>> technologies.
>>>
>>> For a complete list of new and modified rules please see:
>>>
>>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>>
>>> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
>>> E3O1jvr9wb3Hy+DPpQ2RGLw=
>>> =c3JW
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>>       
>> ------------------------------------------------------------------------------
>>     
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>       
>> 30-Day
>>     
>>> trial. Simplify your report design, integration and deployment - and
>>>       
>> focus on
>>     
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>
>>>
>>>       
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> trial. Simplify your report design, integration and deployment - and focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>>     
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 3
> Date: Tue, 17 Nov 2009 13:22:07 -0600
> From: "evilghost at ...3397..." <evilghost at ...3397...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: Mike Guiterman <mguiterman at ...435...>
> Cc: "snort-sigs at lists.sourceforge.net"
> 	<snort-sigs at lists.sourceforge.net>
> Message-ID: <4B02F7DF.7020305 at ...3397...>
> Content-Type: text/plain; charset="us-ascii"
>
> Negative, this is not resolved.  
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html 
> loads correctly and contains two HREFs to the Change log itself, one for 
> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html 
> is HTTP 404.
> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html 
> is HTTP 404.
>
> C'mon guys.  Many of us depend on these Change Logs before we blindly 
> push out these VRT rules and the inability to correctly manage these 
> Changelogs reflect poorly on you (SourceFire), especially when there's a 
> 4 day lapse in response when the issue was initially reported and still 
> it has not been resolved correctly.
>
> -evilghost
>
> Mike Guiterman wrote:
>   
>> This has been fixed.  Thanks for the report.
>>
>> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <
>> evilghost at ...3397...> wrote:
>>
>>   
>>     
>>> The changelog is HTTP 404.
>>>
>>> research at ...435... wrote:
>>>     
>>>       
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>>
>>>> Sourcefire VRT Certified Snort Rules Update
>>>>
>>>> Synopsis:
>>>> This release adds and modifies rules in several categories.
>>>>
>>>> Details:
>>>> As a result of ongoing research, the Sourcefire VRT has added multiple
>>>> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
>>>> rule sets to provide coverage for emerging threats from these
>>>> technologies.
>>>>
>>>> For a complete list of new and modified rules please see:
>>>>
>>>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>>>
>>>> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
>>>> E3O1jvr9wb3Hy+DPpQ2RGLw=
>>>> =c3JW
>>>> -----END PGP SIGNATURE-----
>>>>
>>>>
>>>>       
>>>>         
>>> ------------------------------------------------------------------------------
>>>     
>>>       
>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>>       
>>>>         
>>> 30-Day
>>>     
>>>       
>>>> trial. Simplify your report design, integration and deployment - and
>>>>       
>>>>         
>>> focus on
>>>     
>>>       
>>>> what you do best, core application coding. Discover what's new with
>>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>>> _______________________________________________
>>>> Snort-sigs mailing list
>>>> Snort-sigs at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>
>>>>
>>>>       
>>>>         
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>>> trial. Simplify your report design, integration and deployment - and focus
>>> on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Snort-sigs mailing list
>>> Snort-sigs at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>
>>>     
>>>       
>>   
>>     
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 17 Nov 2009 14:57:32 -0500
> From: Nigel Houghton <nhoughton at ...435...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: "evilghost at ...3397..." <evilghost at ...3397...>
> Cc: "snort-sigs at lists.sourceforge.net"
> 	<snort-sigs at lists.sourceforge.net>
> Message-ID:
> 	<3a88cd320911171157t33f93129me1116295d6cea117 at ...2421...>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Tue, Nov 17, 2009 at 2:22 PM, evilghost at ...3397...
> <evilghost at ...3397...> wrote:
>   
>> Negative, this is not resolved.
>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>> loads correctly and contains two HREFs to the Change log itself, one for
>> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
>>
>> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html
>> is HTTP 404.
>> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html
>> is HTTP 404.
>>
>> C'mon guys. ?Many of us depend on these Change Logs before we blindly
>> push out these VRT rules and the inability to correctly manage these
>> Changelogs reflect poorly on you (SourceFire), especially when there's a
>> 4 day lapse in response when the issue was initially reported and still
>> it has not been resolved correctly.
>>
>> -evilghost
>>
>> Mike Guiterman wrote:
>>     
>>> This has been fixed. ?Thanks for the report.
>>>
>>> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <
>>> evilghost at ...3397...> wrote:
>>>
>>>
>>>       
>>>> The changelog is HTTP 404.
>>>>
>>>> research at ...435... wrote:
>>>>
>>>>         
>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>> Hash: SHA1
>>>>>
>>>>>
>>>>> Sourcefire VRT Certified Snort Rules Update
>>>>>
>>>>> Synopsis:
>>>>> This release adds and modifies rules in several categories.
>>>>>
>>>>> Details:
>>>>> As a result of ongoing research, the Sourcefire VRT has added multiple
>>>>> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
>>>>> rule sets to provide coverage for emerging threats from these
>>>>> technologies.
>>>>>
>>>>> For a complete list of new and modified rules please see:
>>>>>
>>>>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>>>> -----BEGIN PGP SIGNATURE-----
>>>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>>>>
>>>>> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
>>>>> E3O1jvr9wb3Hy+DPpQ2RGLw=
>>>>> =c3JW
>>>>> -----END PGP SIGNATURE-----
>>>>>
>>>>>
>>>>>
>>>>>           
>>>> ------------------------------------------------------------------------------
>>>>
>>>>         
>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>>>
>>>>>           
>>>> 30-Day
>>>>
>>>>         
>>>>> trial. Simplify your report design, integration and deployment - and
>>>>>
>>>>>           
>>>> focus on
>>>>
>>>>         
>>>>> what you do best, core application coding. Discover what's new with
>>>>> Crystal Reports now. ?http://p.sf.net/sfu/bobj-july
>>>>> _______________________________________________
>>>>> Snort-sigs mailing list
>>>>> Snort-sigs at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>>
>>>>>
>>>>>
>>>>>           
>>>> ------------------------------------------------------------------------------
>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>>>> trial. Simplify your report design, integration and deployment - and focus
>>>> on
>>>> what you do best, core application coding. Discover what's new with
>>>> Crystal Reports now. ?http://p.sf.net/sfu/bobj-july
>>>> _______________________________________________
>>>> Snort-sigs mailing list
>>>> Snort-sigs at lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>
>>>>
>>>>         
>>>       
>
>
> If you use pulled pork to download your rules, it will show all the
> changes, including the shared object rules.
>
> This is a much better way of looking at what you are about to deploy
> than a page on a web site. Hopefully, the next release of pulled pork
> will give you the option of creating a changelog file. This way you
> can see the changes between what you have and what you are getting, as
> opposed to the changes between subsequent files.
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091117/cd6187b4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oly562.vcf
Type: text/x-vcard
Size: 252 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091117/cd6187b4/attachment.vcf>


More information about the Snort-sigs mailing list