[Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013

Joel Esler jesler at ...435...
Sat Nov 2 18:42:34 EDT 2013


Thank you for pointing it my mistake. The snort.conf is correct.  The blog post was wrong.  

--
Joel Esler

> On Nov 2, 2013, at 13:28, Anshuman Anil Deshmukh <anshuman at ...3852...> wrote:
> 
> Hi Joel,
>  
> One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the snort.confs example page port mentioned is 33300. I believe 33300 is the correct port (used for Magnitude Exploit Kit).
>  
>  
> Thanks and Regards,
> Anshuman
>  
> From: Joel Esler [mailto:jesler at ...435...] 
> Sent: Friday, November 01, 2013 1:40 AM
> To: Snort; Snort-sigs
> Subject: [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013
>  
> 
> 
> http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html
> 
> Sourcefire VRT Certified Snort Rules Update for 10/31/2013
> 
> 
> We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 27 new rules and made modifications to 7 additional rules. 
> 
> There were three changes made to the snort.conf in this release:
> 
> The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections: 
> 
> 51423
> 44440
> 33330
> 15489
> 
> The Snort.confs on the example page have been updated:
> http://www.snort.org/vrt/snort-conf-configurations/
> 
> --
> Joel Esler
> AEGIS Intelligence Lead
> OpenSource Community Manager
> Vulnerability Research Team, Sourcefire
> 
> 
> 
> "Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." www.cybage.com
> 
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> 
> 
> Please visit http://blog.snort.org for the latest news about Snort!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20131102/6b7a359d/attachment.html>


More information about the Snort-sigs mailing list