[Snort-users] Pulled Pork

JJ Cummings cummingsj at ...11827...
Tue Oct 30 21:13:19 EDT 2012


alert ip any any -> any any (msg:"oh noes, your oinkmaster cron is the broken!!"; sid:666; rev:1;)

Sent from the iRoad

On Oct 30, 2012, at 18:49, Jeremy Hoel <jthoel at ...11827...> wrote:

> Now that's a funny idea. Ha!
> 
> On Oct 30, 2012 6:28 PM, "waldo kitty" <wkitty42 at ...14940...> wrote:
>> On 10/30/2012 16:25, Joel Esler wrote:
>> > On Oct 30, 2012, at 12:02 PM, waldo kitty wrote:
>> >> On 10/30/2012 10:55, Joel Esler wrote:
>> >>
>> >>> We have the 15 minute delay in place, as there are some people who like to
>> >>> download the entire ruleset every 5 seconds.
>> >>
>> >> i highly suspect that these are folks with bad cron entries... you'd think
>> >> they'd be aware of the problem but obviously
>> >>
>> >> 1) they are not OR
>> >> 2) they do not care OR
>> >> 3) they are trying to cause problems ie: (d)dos anyone?
>> >
>> > I believe it's #1. They don't know the problem exists. I've written a few of
>> > them, and a couple of them have corrected the issue, we have one who
>> > acknowledged the problem and is going to fix it (don't know when),
>> 
>> not trying to be nosy but this is out of how many unique oinkcodes abusing the
>> services like this?
>> 
>> > and some that haven't acknowledged at all.
>> >
>> > And some, whose emails just bounced.
>> 
>> i'd bet that if those oinkcodes were disabled they'd wake up... or maybe feed
>> them a "rules archive" with a file inside that states the problem, that their
>> registered email address is no longer valid and why the code has been set to
>> redirect to this non-rules archive ;)
>> 
>> HA! or even a rule or rules that alerts on traffic and has a message that would
>> point out to them the problem... if they are watching their snort output, that
>> would definitely get their attention ;) ;) ;)
>> 
>> ------------------------------------------------------------------------------
>> Everyone hates slow websites. So do we.
>> Make your web apps faster with AppDynamics
>> Download AppDynamics Lite for free today:
>> http://p.sf.net/sfu/appdyn_sfd2d_oct
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!