[Snort-users] Small suggestion for 'rules database'.

Jim Forster jforster at ...176...
Wed Sep 13 12:09:05 EDT 2000


This was implemented yesterday on www.snort.org.  The output page being
completely stand alone, to get rid of all the HTML info it was passing
before.

To hit it directly, the string to send is
http://www.snort.org/Database/rules_results.asp?type=ruletype&type=ruletype&port=&keyword=&thedate=

Keywords that can be passed as 'ruletype' are-

BACKDOOR-ACTIVITY
BACKDOOR-ATTEMPT
BACKDOOR-SIG
DDOS
FINGER
FTP
MISC
NETBIOS
OVERFLOW
PING
RPC
RSERVICE
SCAN
SMTP
SYSADMIN
TELNET
MAILVIRUS
WEB-CGI
WEB-COLDFUSION
WEB-FRONTPAGE
WEB-IIS
WEB-MISC
FALSES
BETA

(To get FTP and TELNET rules only, you would hit:
http://www.snort.org/Database/rules_results.asp?type=TELNET&type=FTP&port=&keyword=&thedate= )
To get the entire ruleset, hit:
http://www.snort.org/Database/rules_results.asp?port=&keyword=&thedate=
<Notice: "rules_results" not "rules results" after Database in the examples>
Let me know if this helps any...  :)

Jim Forster
Network Administrator
RapidNet / DakotaConnect

When I'm feeling down, I like to whistle.
It makes the neighbor's dog run to the end of his chain and gag himself.
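
As an added example (not part of the original post and not Snort.org's own code), the query format described above can be built from the listed keywords, and a downloaded page checked for leftover HTML before it is installed as a rules file. The accepted line-start keywords and the one-rule-per-line check are assumptions, and the sample bodies are constructed.

```python
from urllib.parse import urlencode

BASE = "http://www.snort.org/Database/rules_results.asp"  # endpoint from the post

# Rule-type keywords listed in the post.
RULE_TYPES = frozenset("""
BACKDOOR-ACTIVITY BACKDOOR-ATTEMPT BACKDOOR-SIG DDOS FINGER FTP MISC NETBIOS
OVERFLOW PING RPC RSERVICE SCAN SMTP SYSADMIN TELNET MAILVIRUS WEB-CGI
WEB-COLDFUSION WEB-FRONTPAGE WEB-IIS WEB-MISC FALSES BETA""".split())

# Assumptions: rule actions, plus other keywords allowed to start a line.
ACTIONS = ("alert", "log", "pass")
DIRECTIVES = ("var", "include", "preprocessor", "output")

# Constructed sample bodies (not real server output).
SAMPLE_TEXT = '# constructed\nalert tcp any any -> any 21 (msg:"FTP sample";)\n'
SAMPLE_HTML = "<html><body>\n" + SAMPLE_TEXT.splitlines()[1] + "<br>\n</body></html>\n"


def build_rules_url(rule_types=()):
    """Build the query URL; an empty selection requests the entire ruleset."""
    unknown = [t for t in rule_types if t.upper() not in RULE_TYPES]
    if unknown:
        raise ValueError(f"unknown rule type(s): {unknown}")
    params = [("type", t.upper()) for t in rule_types]  # 'type' repeats per keyword
    # The post's example URLs always carry these three parameters, left empty.
    params += [("port", ""), ("keyword", ""), ("thedate", "")]
    return BASE + "?" + urlencode(params)


def check_rules_text(body):
    """Return (line_no, line) pairs that do not look like plain-text rules."""
    bad = []
    for n, line in enumerate(body.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue  # blank lines and comments are fine
        first = s.split()[0].lower()
        if first not in ACTIONS + DIRECTIVES:
            bad.append((n, line))  # e.g. a line that opens with an HTML tag
        elif first in ACTIONS and not s.endswith(")"):
            bad.append((n, line))  # e.g. a rule followed by trailing markup
    return bad


if __name__ == "__main__":
    print(build_rules_url(["TELNET", "FTP"]))
    print(check_rules_text(SAMPLE_HTML))
```

An update script would refuse to replace the live rules file whenever `check_rules_text` returns anything.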


----- Original Message -----
From: "M. Burnett" <mburnett at ...448...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 13, 2000 9:27 AM
Subject: Re: [Snort-users] Small suggestion for 'rules database'.


>
> I must second this suggestion, it would be nice to have an all-text rules
> page to help with things like automating rules updates and stuff.  Or even
> an XML page that we can parse out ourselves.
>
>
>
> Mark Burnett
> Xato Network Security, Inc.
> www.xato.net
>
>
> ----- Original Message -----
> From: "Vitaly McLain" <twistah at ...93...>
> To: <Snort-users at lists.sourceforge.net>
> Sent: Monday, September 11, 2000 5:15 PM
> Subject: [Snort-users] Small suggestion for 'rules database'.
>
>
> > Hi,
> >
> > This (small) issue has been on my mind for a while, but now my friends who use
> > Snort have reminded me of it. It regards the ASP script on Snort.org used to
> > create custom rulesets. The script is great (I am not at all complaining),
> > but maybe you could make it dump to a text file and not to an HTML file? Or
> > if HTML format is needed for some reason, maybe you could make an option to
> > choose between plain-text and HTML? This would be really beneficial -- the
> > HTML does tend to screw up the file and makes getting a custom rules file a
> > pain in the neck on some systems (such as home-made routers with no
> > X-Windows...Lynx's 'd' command downloads the HTML source..).
> >
> > Thanks,
> > Vitaly McLain
> > twistah at ...93...
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users



