[Snort-users] arachnids_upd v0.3

Andreas Östling andreaso at ...236...
Tue May 8 15:43:26 EDT 2001


Hello!
I've put up version 0.3 of my little arachNIDS Snort rules updater at
http://nitzer.dhs.org/arachnids_upd/

It now has much more easy-to-read output of the rule changes.
For example, it may look something like this:

...
[+++]     Added (new):     [+++]
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)


And the next update:

...
[///]   Modified active:   [///]
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: P+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS534/http-iis5-printer-eeye";flags: A+; content: "|8B C4 83 C0 11 33 C9 66 B9 20 01 80 30 03|";)
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: P+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS535/http-iis5-printer-beavuh";flags: A+; content: "|33 C0 B0 90 03 D8 8B 03 8B 40 60 33 DB B3 24 03 C3|";)
  Old: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)
  New: alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: A+; content: ".printer"; nocase;)



Regards,
Andreas Östling
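
An added example (not part of the original post and not arachnids_upd's own code) of how the Added/Modified report shown above can be produced from two versions of a rules file. Matching rules across versions by the IDS number in `msg` is an assumption, and the function names are hypothetical.

```python
import re

# arachNIDS id inside the msg option, e.g. msg: "IDS533/http-iis5-printer-isapi"
MSG_RE = re.compile(r'msg:\s*"(IDS\d+)/[^"]*"')

def index_rules(text):
    """Map arachNIDS id -> rule line, skipping blank and comment lines."""
    rules = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            m = MSG_RE.search(line)
            # Assumption: a rule without an IDS id is keyed by its full text.
            rules[m.group(1) if m else line] = line
    return rules

def options(rule):
    """Parse the "( ... )" body into {keyword: value}, honouring quoted ';'."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts = {}
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', body):
        key, _, val = part.strip().partition(":")
        if key:
            opts[key.strip()] = val.strip()
    return opts

def diff_rules(old_text, new_text):
    """Classify rules as added, removed or modified between two rule sets."""
    old, new = index_rules(old_text), index_rules(new_text)
    report = {"added": [new[i] for i in sorted(new.keys() - old.keys())],
              "removed": [old[i] for i in sorted(old.keys() - new.keys())],
              "modified": []}
    for rid in sorted(old.keys() & new.keys()):
        if old[rid] != new[rid]:
            o, n = options(old[rid]), options(new[rid])
            # Option keywords whose value differs; empty if only the header changed.
            changed = sorted(k for k in o.keys() | n.keys() if o.get(k) != n.get(k))
            report["modified"].append((rid, changed, old[rid], new[rid]))
    return report

# Sample input: the IDS533 rule is from the post above; IDS999 is constructed.
OLD = 'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: P+; content: ".printer"; nocase;)\n'
NEW = ('# constructed comment line\n'
       'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS533/http-iis5-printer-isapi";flags: A+; content: ".printer"; nocase;)\n'
       'alert TCP $EXTERNAL any -> $INTERNAL 80 (msg: "IDS999/constructed-example";flags: A+; content: "example";)\n')

if __name__ == "__main__":
    rep = diff_rules(OLD, NEW)
    for rule in rep["added"]:
        print("Added:", rule)
    for rid, changed, old_rule, new_rule in rep["modified"]:
        print(f"Modified {rid} ({', '.join(changed)}):\n  Old: {old_rule}\n  New: {new_rule}")
```

Reporting which option changed (here `flags`) makes it easier to review an update before the new rules go live on a sensor.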




