[Snort-users] Serious Snort Bug Could Lead To Next Slammer

Jennifer Steffens jennifer.steffens at ...1935...
Thu Oct 20 07:22:57 EDT 2005


Just to make sure there is no confusion, this is regarding the 
vulnerability found in the Back Orifice preprocessor in Snort 
2.4.0-2.4.2. Snort 2.4.3 has been released to correct the issue and 
provide detection capabilities for attempts to exploit the 
vulnerability. This was announced on the site and mailing lists on 
October 18, 2005 at 9:18am EDT.

Complete details are available at 
http://www.snort.org/rules/advisories/snort_update_20051018.html.

As always, let me know if anyone has any questions.

Thanks,
Jennifer

Michael Steele wrote:
> I found this:
> 
> http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=172302520
> 
> No mention on Snort.org or in the list.
> 
> Kindest regards,
> Michael...
> 
> WINSNORT.com Management Team Member
> --
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Igor Belikov
> Sent: Thursday, October 20, 2005 12:18 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re[2]: [Snort-users] need help configuring snort + barnyard
> 
> Hello Chris,
> 
> Wednesday, October 19, 2005, 7:31:05 PM, you wrote:
> 
> CE> |   I configured snort to write both alert and log files in unified
> CE> |   format. But I can't configure barnyard properly to store in DB
> CE> |   detailed info about alerts.
> CE> | 
> CE> |   Barnyard "watches" alert files and stores info about alerts, but I
> CE> |   also need to store the whole packets that caused the alerts.
> 
> CE> It seems you don't need to have snort write both unified files.  All the
> CE> required info seems to be in the unified "log" file, so this is what you
> CE> want barnyard to read.  It's not at all clear to us what info is in the
> CE> unified "alert" file that's not *also* in the unified "log" file.  So we
> CE> don't write a unified "alert" file at all.
> 
> It sounds good, but I still can't configure snort + barnyard.
> 
> Last configs:
> 
>   - snort:
> 
> output log_unified: filename snort.log, limit 128
> 
>   - barnyard:
> 
output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user xxxxx, password xxxxx, detail full
> 
> In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
> (with correct link to snort.log) and "alert" (with alerts produced by
> snort).
> 
> Watching log files I see that barnyard works (link in waldo file
> follows growing snort.log), but I don't get any new alerts in DB.
> 
> Using the previous variant of the configs (using unified alert), barnyard put
> all alerts in the DB.
> 
> Please point out where I am making a mistake.
> 