<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<base href="http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html">
<title>Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013</title>
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Georgia;
        panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
        {font-family:"Lucida Grande";
        panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
h1
        {mso-style-priority:9;
        mso-style-link:"Heading 1 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:24.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
code
        {mso-style-priority:99;
        font-family:"Courier New";}
span.Heading1Char
        {mso-style-name:"Heading 1 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 1";
        font-family:"Cambria","serif";
        color:#365F91;
        font-weight:bold;}
p.page, li.page, div.page
        {mso-style-name:page;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        line-height:160%;
        font-size:15.0pt;
        font-family:"Georgia","serif";}
span.apple-mail-urlsharewrapperclass
        {mso-style-name:apple-mail-urlsharewrapperclass;}
span.apple-mail-urlshareusercontenttopclass
        {mso-style-name:apple-mail-urlshareusercontenttopclass;}
span.apple-mail-urlsharesharedcontentclass
        {mso-style-name:apple-mail-urlsharesharedcontentclass;}
span.apple-mail-urlshareusercontentbottomclass
        {mso-style-name:apple-mail-urlshareusercontentbottomclass;}
span.EmailStyle24
        {mso-style-type:personal-reply;
        font-family:Consolas;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D">Hi Joel,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D">One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the snort.confs example page port mentioned is 33300. I believe
 33300 is the correct port (used for Magnitude Exploit Kit).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D">Thanks and Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D">Anshuman
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Consolas;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Joel Esler [mailto:jesler@...435...]
<br>
<b>Sent:</b> Friday, November 01, 2013 1:40 AM<br>
<b>To:</b> Snort; Snort-sigs<br>
<b>Subject:</b> [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><br>
<br>
<span class="apple-mail-urlsharesharedcontentclass"><o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a href="http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html">http://blog.snort.org/2013/10/sourcefire-vrt-certified-snort-rules_31.html</a><o:p></o:p></p>
</div>
<div id="article">
<div>
<h1 style="mso-line-height-alt:15.0pt"><span style="font-size:17.5pt;font-family:"Georgia","serif";color:#4B4B4B;font-weight:normal">Sourcefire VRT Certified Snort Rules Update for 10/31/2013<o:p></o:p></span></h1>
<p class="MsoNormal" style="margin-bottom:12.0pt;line-height:18.75pt"><span style="font-size:11.5pt;font-family:"Georgia","serif""><br>
We welcome the introduction of the newest <a href="http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2013-10-31.html">
<span style="color:#416ED2">rule release for today</span></a> from the VRT. In this release we introduced 27 new rules and made modifications to 7 additional rules.
<br>
<br>
There were three changes made to the </span><code><span style="font-size:10.0pt">snort.conf</span></code><span style="font-size:11.5pt;font-family:"Georgia","serif""> in this release:<br>
<br>
The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections:
<br>
<br>
51423<br>
44440<br>
33330<br>
15489<br>
<br>
The Snort.confs on the example page have been updated:<br>
<a href="http://www.snort.org/vrt/snort-conf-configurations/" target="_blank"><span style="color:#416ED2">http://www.snort.org/vrt/snort-conf-configurations/</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="line-height:18.75pt"><span style="font-size:9.0pt;font-family:"Lucida Grande","serif"">--</span><span style="font-size:11.5pt;font-family:"Georgia","serif""><br>
</span><b><span style="font-size:9.0pt;font-family:"Lucida Grande","serif"">Joel Esler</span></b><span style="font-size:11.5pt;font-family:"Georgia","serif""><br>
</span><span style="font-size:9.0pt;font-family:"Lucida Grande","serif"">AEGIS Intelligence Lead</span><span style="font-size:11.5pt;font-family:"Georgia","serif""><br>
</span><span style="font-size:9.0pt;font-family:"Lucida Grande","serif"">OpenSource Community Manager</span><span style="font-size:11.5pt;font-family:"Georgia","serif""><br>
</span><span style="font-size:9.0pt;font-family:"Lucida Grande","serif"">Vulnerability Research Team, Sourcefire</span><span style="font-size:11.5pt;font-family:"Georgia","serif""><o:p></o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</div>
<br clear=all> <p style='line-height:10.0pt'><span style='font-size:9.0pt;font-

family:"Cambria","serif";
color:#7F7F7F;mso-themecolor:background1;mso-themeshade:128;mso-style-textfill-fill-

color:
#7F7F7F;mso-style-textfill-fill-themecolor:background1;mso-style-textfill-fill-alpha:
100.0%;mso-style-textfill-fill-colortransforms:lumm=50000'>"Legal Disclaimer: This 

electronic message and all contents contain information from Cybage Software Private 

Limited which may be privileged, confidential, or otherwise protected from disclosure. 

The information is intended to be for the addressee(s) only. If you are not an 

addressee, any disclosure, copy, distribution, or use of the contents of this message 

is strictly prohibited. If you have received this electronic message in error please 

notify the sender by reply e-mail to and destroy the original message and all copies. 

Cybage has taken every reasonable precaution to minimize the risk of malicious content 

in the mail, but is not liable for any damage you may sustain as a result of any 

malicious content in this e-mail. You should carry out your own malicious content 

checks before opening the e-mail or attachment." 
www.cybage.com<o:p></o:p></span></p>
</body>
</html>