[Snort-users] Re: instant snort sigs for new vulnerabilites

twig les twigles at ...131...
Tue Jul 2 14:58:30 EDT 2002


That's a good idea for a quick script that I should
have had done months ago.  As soon as I put out the
lastest mystery fire I'll see if I can get a
reasonable little Lynx-based cronjob.


--- Steve McGhee <stevem at ...6226...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> with all the fuss lately over the new apache worm,
> etc, id like to know
> if my machine is getting hit (its patched, just
> being curious). i know
> about mod_blowchunks, but im looking for something
> more general..
> 
> it seems to me that snort could see these attacks
> pretty easily.
> 
> is there a tool/method out there that will retrieve
> the *latest* snort
> signatures automatically? for those of us not
> running snort via CVS, id
> like a way to do something like cvsup, but _only_
> update my ruleset
> every night or whatever.
> 
> i cc: the freebsd team as this might be a cool
> (simple) port. (something
> like /usr/ports/security/snort-signatures)
> 
> this could be helpful to people who are just
> curious, or maybe could
> provide some good numbers to shock lazy sysadmins
> into actually patching
> their machines.
> 
> 
> ..of course, this is all assuming there's someone
> out there writing
> signatures  ;)
> 
> - --
> - -steve
> 
> ~ 
>
..........................................................
> ~        Steve McGhee
> ~        Systems Administrator
> ~        Linguistic Minority Research Institute
> ~        UC Santa Barbara
> ~        phone: (805)893-2683
> ~        email: stevem at ...6226...
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Using PGP with Mozilla -
> http://enigmail.mozdev.org
> 
>
iQA/AwUBPSDCUKUr5syonrLMEQKjYQCfRiRGHIGGviqfGl/9xvRNpaambakAoIns
> BcxrxnUpvAJK3Sczy5nY4Ir5
> =9LCO
> -----END PGP SIGNATURE-----
> 
> 
> To Unsubscribe: send mail to majordomo at ...484...
> with "unsubscribe freebsd-security" in the body of
> the message


=====
-----------------------------------------------------------
Only fools have all the answers.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com




More information about the Snort-users mailing list