[Snort-users] [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013

Anshuman Anil Deshmukh anshuman at ...16510...
Sat Nov 2 13:28:19 EDT 2013

Hi Joel,

One observation. Just need to make you aware that in the mail below you have mentioned port 33330, but in the snort.confs example page port mentioned is 33300. I believe 33300 is the correct port (used for Magnitude Exploit Kit).

Thanks and Regards,


From: Joel Esler [mailto:jesler at ...1935...]
Sent: Friday, November 01, 2013 1:40 AM
To: Snort; Snort-sigs
Subject: [Snort-sigs] Snort.org Blog: Sourcefire VRT Certified Snort Rules Update for 10/31/2013


Sourcefire VRT Certified Snort Rules Update for 10/31/2013

We welcome the introduction of the newest rule release for today<http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2013-10-31.html> from the VRT. In this release we introduced 27 new rules and made modifications to 7 additional rules.

There were three changes made to the snort.conf in this release:

The following ports were added to HTTP_PORTS, http_inspect ports, and Stream5's tcp (both) sections:


The Snort.confs on the example page have been updated:

Joel Esler
AEGIS Intelligence Lead
OpenSource Community Manager
Vulnerability Research Team, Sourcefire

"Legal Disclaimer: This electronic message and all contents contain information from Cybage Software Private Limited which may be privileged, confidential, or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution, or use of the contents of this message is strictly prohibited. If you have received this electronic message in error please notify the sender by reply e-mail to and destroy the original message and all copies. Cybage has taken every reasonable precaution to minimize the risk of malicious content in the mail, but is not liable for any damage you may sustain as a result of any malicious content in this e-mail. You should carry out your own malicious content checks before opening the e-mail or attachment." 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131102/328d7469/attachment.html>

More information about the Snort-users mailing list