[Snort-users] NTP rule?

Joel Esler (jesler) jesler at ...589...
Tue Dec 23 13:44:07 EST 2014


Only one of the rules is coverable from a network point of view, and the detection is very plain.  We are currently testing and if possible tweaking detection.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos



> On Dec 23, 2014, at 9:57 AM, John York <YorkJ at ...7109...> wrote:
> 
> Are there rules yet for CVE-2014-9293 thru CVE-2014-9296?
> Thanks
> John
> 
