[Snort-users] Bleeding Rules not detecting

Brian Blake BBlake at ...8135...
Fri Aug 19 06:45:03 EDT 2005


To all:

Until recently the bleeding edge rules worked great, little noisy, but great none the less.  Then, after doing an update about 1 month ago, the alerts stopped showing up.  Due to time constraints I have not been able to troubleshoot this recently.

Snort Version 2.4
My snort config:
  
var HOME_NET x.x.0.0/22
var EXTERNAL_NET ANY
.
.
.
include $RULE_PATH/bleeding.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-policy.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-web.rules
include $RULE_PATH/bleeding-attack_response.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-custom.rules
include $RULE_PATH/bleeding-game.rules

Any ideas as to how to get these to work again?  Or good ways to test them?  My snort-rules emails used to send up false positives, which I am not getting anymore.

TIA

Brian Blake
Security Technician
American Background Information Services, Inc.








More information about the Snort-users mailing list