[Snort-sigs] Snort-sigs Digest, Vol 113, Issue 16

Ankit singh ankitsingh5934 at ...2420...
Wed Oct 28 01:16:27 EDT 2015


Thanks Joel for your reply, but I am interested in the pcap which is
uploaded by other members. So I wanted the path/link from where I can
download the pcap uploaded by other community members.

On Wed, Oct 28, 2015 at 2:54 AM, Joel Esler (jesler) <jesler at ...3865...>
wrote:

> The “community” portal referred to in the thread is the False
> Positive Submission portal on Snort.org <http://snort.org>.  It goes to
> our analysts for FP fixes.
>
>
> --
> *Joel Esler*
> Manager, Talos Group
>
>
>
>
> On Oct 27, 2015, at 1:24 PM, Ankit singh <ankitsingh5934 at ...2420...> wrote:
>
> From where can I get the link for downloading the pcap uploaded on the
> community portal, as mentioned below, for Neutrino?
>
> Thanks,
> Ankit
>
> On Tue, Oct 27, 2015 at 8:44 PM, <snort-sigs-request at lists.sourceforge.net
> > wrote:
>
>>
>> Today's Topics:
>>
>>    1. Snort Logs (buzzlightstory at ...2420...)
>>    2. lots of false positives, Neutrino (Grant.Sims at ...4079...)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Sat, 24 Oct 2015 21:41:59 +0100
>> From: buzzlightstory at ...2420...
>> Subject: [Snort-sigs] Snort Logs
>> To: snort-sigs at lists.sourceforge.net
>> Message-ID: <8A12B0A0-9D2B-47CB-A28F-691CE76B1444 at ...2420...>
>> Content-Type: text/plain;       charset=us-ascii
>>
>> Dear All,
>>
>> I'm having problems logging my Snort alerts, as the log file in
>> '/var/log/snort.log' is always empty. I've also tried some output plugins
>> like alert_full, alert_fast and syslog, but they are all empty files. Please
>> help, as I'm stuck.  I'm running Snort under Linux :))
>>
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Fri, 23 Oct 2015 17:32:58 +0000
>> From: <Grant.Sims at ...4079...>
>> Subject: [Snort-sigs] lots of false positives, Neutrino
>> To: <snort-sigs at lists.sourceforge.net>
>> Message-ID:
>>         <067A3D7A9D5A244D87B7E94EA2D369FAE31B7F80 at ...4080...>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> I was looking at my Snort alerts on SecurityOnion today and noticed a TON
>> of alerts for "EXPLOIT-KIT Neutrino exploit kit landing page detected"
>> (rule screenshot is attached).
>>
>>
>>
>> Looking at the rules for the past two years, I have not seen many false
>> positives on exploit kit landing pages. However, this seems to be coming in
>> for a wide range of users and a wide range of sites (everything from Dell
>> to Evite to Bing domains).
>>
>>
>>
>> Just curious if other people out there are experiencing this. With how
>> wide-ranging it is and no other rules indicating compromise, I believe it is a
>> false positive; however, with the current uptick in Neutrino exploit kits in
>> the wild, I thought I would submit something here.
>>
>>
>>
>>
>>
>> Thanks!
>>
>> Grant
>>
>>
>>
>
>
>
> --
> Warm Regards,
>
> Ankit singh
>
>
>
>
>
>


-- 
Warm Regards,

Ankit singh
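A small triage script in the spirit of Grant's reasoning in the quoted digest (added here as an illustration; it is not code from the thread or from the Snort project). It parses Snort alert_fast lines and flags a rule as a probable false positive when it fires from many internal hosts to many unrelated destinations with no corroborating alerts from those hosts. The sample alert lines and SID 9990001 are constructed placeholders, not the real Neutrino rule's SID.

```python
import re

# Snort alert_fast line layout (one alert per line):
#   MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample alerts; SID 9990001 is a placeholder, not the real Neutrino rule's SID.
SAMPLE_ALERTS = """\
10/23-17:30:01.100000  [**] [1:9990001:3] EXPLOIT-KIT Neutrino exploit kit landing page detected [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.1.1.10:51234 -> 203.0.113.10:80
10/23-17:30:05.200000  [**] [1:9990001:3] EXPLOIT-KIT Neutrino exploit kit landing page detected [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.1.1.11:51235 -> 203.0.113.20:80
10/23-17:30:09.300000  [**] [1:9990001:3] EXPLOIT-KIT Neutrino exploit kit landing page detected [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.1.1.12:51236 -> 203.0.113.30:80
10/23-17:30:12.400000  [**] [1:9990001:3] EXPLOIT-KIT Neutrino exploit kit landing page detected [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.1.1.13:51237 -> 203.0.113.40:80
10/23-17:31:00.500000  [**] [1:9990002:1] MALWARE-CNC Example beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.1.50:44000 -> 198.51.100.5:443
"""


def parse_fast_alerts(text):
    """Parse alert_fast lines into dicts; lines that do not match the layout are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts


def triage_rule(alerts, sid, min_sources=3, min_destinations=3):
    """Breadth heuristic from the thread: a rule firing from many internal sources to
    many unrelated destinations, where none of those sources trips any other rule,
    looks more like a false positive than an outbreak."""
    hits = [a for a in alerts if a["sid"] == sid]
    sources = {a["src"] for a in hits}
    destinations = {a["dst"] for a in hits}
    # Sources that also fired some other rule count as corroborating evidence.
    corroborated = {a["src"] for a in alerts if a["sid"] != sid and a["src"] in sources}
    likely_fp = (len(sources) >= min_sources and len(destinations) >= min_destinations
                 and not corroborated)
    return {"sid": sid, "hits": len(hits), "sources": len(sources),
            "destinations": len(destinations), "corroborated_sources": sorted(corroborated),
            "likely_false_positive": likely_fp}


if __name__ == "__main__":
    for key, value in triage_rule(parse_fast_alerts(SAMPLE_ALERTS), "9990001").items():
        print(f"{key}: {value}")
```

Point it at a real alert_fast file and the rule's actual SID; a "likely_false_positive" verdict is a prompt to pull the pcap and submit it via the False Positive portal, not a reason to disable the rule outright.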

