[Snort-sigs] Snort-sigs Digest, Vol 42, Issue 3

JJ Cummings cummingsj at ...2420...
Tue Nov 17 18:48:30 EST 2009


Try pulledpork http://code.google.com/p/pulledpork/

On Tue, Nov 17, 2009 at 4:41 PM, PR <oly562 at ...796...> wrote:

>  question - what is the offical way to update sigs/rules now for non-paying
> users. and does oinkmaster grab these at what address? mine address is not
> working. --  snortrules-snapshot-2.8.tar.gz
> from snort.org.
>
> what should i do? thanks. sorry pasting here, my bad. oly
>
> snort-sigs-request at lists.sourceforge.net wrote:
>
> Send Snort-sigs mailing list submissions to
> 	snort-sigs at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/snort-sigs
> or, via email, send a message with subject or body 'help' to
> 	snort-sigs-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> 	snort-sigs-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-sigs digest..."
>
>
> Today's Topics:
>
>    1. AUTO: CN=Paul Drapeau/OU=BOS1/O=VRTX is out of the	office.
>       (Paul_Drapeau at ...1594...)
>    2. Re: Sourcefire VRT Certified Snort Rules Update (Mike Guiterman)
>    3. Re: Sourcefire VRT Certified Snort Rules Update
>       (evilghost at ...3397...)
>    4. Re: Sourcefire VRT Certified Snort Rules Update (Nigel Houghton)
>    5. Re: Sourcefire VRT Certified Snort Rules Update
>       (evilghost at ...3397...)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 13 Nov 2009 22:00:34 -0500
> From: Paul_Drapeau at ...1594...
> Subject: [Snort-sigs] AUTO: CN=Paul Drapeau/OU=BOS1/O=VRTX is out of
> 	the	office.
> To: snort-sigs at lists.sourceforge.net
> Message-ID:
> 	<OF49F2A737.7DA63F07-ON8525766E.00108849-8525766E.00108849 at ...1594...> <OF49F2A737.7DA63F07-ON8525766E.00108849-8525766E.00108849 at ...1594...>
> Content-Type: text/plain; charset="us-ascii"
>
>
>
> I will be out of the office starting Tue 11/10/2009 and will not return
> until Mon 11/16/2009.
>
> I will respond to your message when I return.
>
>
> Note: This is an automated response to your message  "Snort-sigs Digest,
> Vol 42, Issue 2" sent on 11/13/2009 4:48:24 PM.
>
> You will receive a notification for each message you send to this person
> while the person is away.
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Tue, 17 Nov 2009 14:04:58 -0500
> From: Mike Guiterman <mguiterman at ...435...> <mguiterman at ...435...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: "evilghost at ...3397..." <evilghost at ...3397...> <evilghost at ...3397...> <evilghost at ...3397...>
> Cc: "snort-sigs at lists.sourceforge.net" <snort-sigs at lists.sourceforge.net>
> 	<snort-sigs at lists.sourceforge.net> <snort-sigs at lists.sourceforge.net>
> Message-ID:
> 	<9ff4f37d0911171104t6c8a1596nfaf3cb98db6345d4 at ...2421...> <9ff4f37d0911171104t6c8a1596nfaf3cb98db6345d4 at ...2421...>
> Content-Type: text/plain; charset="iso-8859-1"
>
> This has been fixed.  Thanks for the report.
>
> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <evilghost at ...3397...> wrote:
>
>
>
>  The changelog is HTTP 404.
> research at ...435... wrote:
>
>
>  -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> As a result of ongoing research, the Sourcefire VRT has added multiple
> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
> rule sets to provide coverage for emerging threats from these
> technologies.
>
> For a complete list of new and modified rules please see:
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
> E3O1jvr9wb3Hy+DPpQ2RGLw=
> =c3JW
> -----END PGP SIGNATURE-----
>
>
>
>
>  ------------------------------------------------------------------------------
>
>
>  Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>
>
>  30-Day
>
>
>  trial. Simplify your report design, integration and deployment - and
>
>
>  focus on
>
>
>  what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>        ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>      -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 3
> Date: Tue, 17 Nov 2009 13:22:07 -0600
> From: "evilghost at ...3397..." <evilghost at ...3397...> <evilghost at ...3397...> <evilghost at ...3397...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: Mike Guiterman <mguiterman at ...435...> <mguiterman at ...435...>
> Cc: "snort-sigs at lists.sourceforge.net" <snort-sigs at lists.sourceforge.net>
> 	<snort-sigs at lists.sourceforge.net> <snort-sigs at lists.sourceforge.net>
> Message-ID: <4B02F7DF.7020305 at ...3397...> <4B02F7DF.7020305 at ...3397...>
> Content-Type: text/plain; charset="us-ascii"
>
> Negative, this is not resolved.  http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> loads correctly and contains two HREFs to the Change log itself, one for
> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html
> is HTTP 404.http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html
> is HTTP 404.
>
> C'mon guys.  Many of us depend on these Change Logs before we blindly
> push out these VRT rules and the inability to correctly manage these
> Changelogs reflect poorly on you (SourceFire), especially when there's a
> 4 day lapse in response when the issue was initially reported and still
> it has not been resolved correctly.
>
> -evilghost
>
> Mike Guiterman wrote:
>
>
>  This has been fixed.  Thanks for the report.
>
> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <evilghost at ...3397...> wrote:
>
>
>
>
>  The changelog is HTTP 404.
> research at ...435... wrote:
>
>
>
>  -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> As a result of ongoing research, the Sourcefire VRT has added multiple
> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
> rule sets to provide coverage for emerging threats from these
> technologies.
>
> For a complete list of new and modified rules please see:
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
> E3O1jvr9wb3Hy+DPpQ2RGLw=
> =c3JW
> -----END PGP SIGNATURE-----
>
>
>
>
>
>  ------------------------------------------------------------------------------
>
>
>
>  Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>
>
>
>  30-Day
>
>
>
>  trial. Simplify your report design, integration and deployment - and
>
>
>
>  focus on
>
>
>
>  what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>
>          ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>
>      ------------------------------
>
> Message: 4
> Date: Tue, 17 Nov 2009 14:57:32 -0500
> From: Nigel Houghton <nhoughton at ...435...> <nhoughton at ...435...>
> Subject: Re: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update
> To: "evilghost at ...3397..." <evilghost at ...3397...> <evilghost at ...3397...> <evilghost at ...3397...>
> Cc: "snort-sigs at lists.sourceforge.net" <snort-sigs at lists.sourceforge.net>
> 	<snort-sigs at lists.sourceforge.net> <snort-sigs at lists.sourceforge.net>
> Message-ID:
> 	<3a88cd320911171157t33f93129me1116295d6cea117 at ...2421...> <3a88cd320911171157t33f93129me1116295d6cea117 at ...2421...>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Tue, Nov 17, 2009 at 2:22 PM, evilghost at ...3397...<evilghost at ...3397...> <evilghost at ...3397...> wrote:
>
>
>  Negative, this is not resolved.http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> loads correctly and contains two HREFs to the Change log itself, one for
> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html
> is HTTP 404.http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html
> is HTTP 404.
>
> C'mon guys. ?Many of us depend on these Change Logs before we blindly
> push out these VRT rules and the inability to correctly manage these
> Changelogs reflect poorly on you (SourceFire), especially when there's a
> 4 day lapse in response when the issue was initially reported and still
> it has not been resolved correctly.
>
> -evilghost
>
> Mike Guiterman wrote:
>
>
>  This has been fixed. ?Thanks for the report.
>
> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <evilghost at ...3397...> wrote:
>
>
>
>
>  The changelog is HTTP 404.
> research at ...435... wrote:
>
>
>
>  -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Sourcefire VRT Certified Snort Rules Update
>
> Synopsis:
> This release adds and modifies rules in several categories.
>
> Details:
> As a result of ongoing research, the Sourcefire VRT has added multiple
> rules to the specific-threats, web-misc, p2p, backdoor and spyware-put
> rule sets to provide coverage for emerging threats from these
> technologies.
>
> For a complete list of new and modified rules please see:
> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
> E3O1jvr9wb3Hy+DPpQ2RGLw=
> =c3JW
> -----END PGP SIGNATURE-----
>
>
>
>
>
>  ------------------------------------------------------------------------------
>
>
>
>  Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>
>
>
>  30-Day
>
>
>
>  trial. Simplify your report design, integration and deployment - and
>
>
>
>  focus on
>
>
>
>  what you do best, core application coding. Discover what's new with
> Crystal Reports now. ?http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>
>            ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. ?http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing listSnort-sigs at ...3408...://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>
>                 If you use pulled pork to download your rules, it will show all the
> changes, including the shared object rules.
>
> This is a much better way of looking at what you are about to deploy
> than a page on a web site. Hopefully, the next release of pulled pork
> will give you the option of creating a changelog file. This way you
> can see the changes between what you have and what you are getting, as
> opposed to the changes between subsequent files.
>
>
>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091117/4126ea34/attachment.html>


More information about the Snort-sigs mailing list