[Snort-users] NTP rule?

Joel Esler (jesler) jesler at ...589...
Tue Dec 23 18:28:29 EST 2014


Following up — The rule was just published:

http://blog.snort.org/2014/12/snort-subscriber-rule-set-update-for_17.html <http://blog.snort.org/2014/12/snort-subscriber-rule-set-update-for_17.html>


> On Dec 23, 2014, at 1:44 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
> 
> Only one of the rules is coverable from a network point of view, and the detection is very plain.  We are currently testing and if possible tweaking detection.
> 
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos
> 
> 
> 
>> On Dec 23, 2014, at 9:57 AM, John York <YorkJ at ...7109... <mailto:YorkJ at ...843.....7109...>> wrote:
>> 
>> Are there rules yet for CVE-2014-9293 thru CVE-2014-9296?
>> Thanks
>> John
>> 
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming! The Go Parallel Website,
>> sponsored by Intel and developed in partnership with Slashdot Media, is your
>> hub for all things parallel software development, from weekly thought
>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>> look and join the conversation now. http://goparallel.sourceforge.net <http://goparallel.sourceforge.net/>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net <mailto:Snort-users at ...3783...net>
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141223/2b559307/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4881 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141223/2b559307/attachment.bin>


More information about the Snort-users mailing list