[Snort-users] instant snort sigs for new vulnerabilites

Steve McGhee stevem at ...6226...
Tue Jul 2 14:57:57 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


with all the fuss lately over the new apache worm, etc, id like to know
if my machine is getting hit (its patched, just being curious). i know
about mod_blowchunks, but im looking for something more general..

it seems to me that snort could see these attacks pretty easily.

is there a tool/method out there that will retrieve the *latest* snort
signatures automatically? for those of us not running snort via CVS, id
like a way to do something like cvsup, but _only_ update my ruleset
every night or whatever.

i cc: the freebsd team as this might be a cool (simple) port. (something
like /usr/ports/security/snort-signatures)

this could be helpful to people who are just curious, or maybe could
provide some good numbers to shock lazy sysadmins into actually patching
their machines.


..of course, this is all assuming there's someone out there writing
signatures  ;)

- --
- -steve

~  ..........................................................
~        Steve McGhee
~        Systems Administrator
~        Linguistic Minority Research Institute
~        UC Santa Barbara
~        phone: (805)893-2683
~        email: stevem at ...6226...

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Using PGP with Mozilla - http://enigmail.mozdev.org

iQA/AwUBPSDCUKUr5syonrLMEQKjYQCfRiRGHIGGviqfGl/9xvRNpaambakAoIns
BcxrxnUpvAJK3Sczy5nY4Ir5
=9LCO
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list