[Snort-users] VRT Rule Update for 08/25/2011: Modifications to the snort.conf file

Joel Esler joel at ...1935...
Thu Aug 25 17:30:38 EDT 2011


All,

A special note about today's rule release.  Please see the blog post below for full details.

The registered users of Snort have emailed me and told me that they will not be able to access the snort.conf for 2.9.1 until the 30 day window is open.  This is correct, however, for registered users's convenience you may access the 2.9.1 snort.conf here:
http://www.snort.org/assets/184/snort.conf

======

http://blog.snort.org/2011/08/vrt-rule-update-for-08252011.html

The following changes have been made to the snort.conf in this release:

Modifications to HTTP_PORTS

portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,8888,8899,9080,9090,9091,9443,9999,11371,55555]


Modifications to Stream5 configuration:

ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7777 7779 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555


Modifications to http_inspect

ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 }


Increase to the Max sessions in the SIP preprocessor

preprocessor sip: max_sessions 40000


Increase to the max_content_len parameter in the SIP preprocessor

max_content_len 2048


Modifications to the file names in the IP Blacklist Preprocessor

preprocessor reputation: \
memcap 500, \
priority whitelist, \
nested_ip inner, \
whitelist $WHITE_LIST_PATH/white_list.rules, \
blacklist $BLACK_LIST_PATH/black_list.rules 

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the backdoor, botnet-cnc, dos, exploit, netbios, rpc, specific-threats, spyware-put and web-misc rule sets to provide coverage for emerging threats from these technologies.





More information about the Snort-users mailing list