[Snort-users] Snort-users Digest, Vol 106, Issue 55

Jerry Jarreau jarreau69 at ...11827...
Sat Mar 21 13:39:15 EDT 2015


unsubscribe

On Sat, Mar 21, 2015 at 7:00 AM, <snort-users-request at lists.sourceforge.net>
wrote:

> Send Snort-users mailing list submissions to
>         snort-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.sourceforge.net/lists/listinfo/snort-users
> or, via email, send a message with subject or body 'help' to
>         snort-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
>         snort-users-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-users digest..."
>
>
> When responding, please don't respond with the entire Digest.  Please trim
> your response.
>
> Today's Topics:
>
>    1. Need an efficient way to generate rules for URL   Filtering
>       (Rishabh Shah)
>    2. ET POLICY Vulnerable Java Version 1.8.x Detected (Jonathon Elwood)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 20 Mar 2015 17:35:04 +0530
> From: Rishabh Shah <rishabh420 at ...11827...>
> Subject: [Snort-users] Need an efficient way to generate rules for URL
>         Filtering
> To: "snort-users at lists.sourceforge.net"
>         <snort-users at lists.sourceforge.net>
> Message-ID:
>         <CA+bv3PNV7kuJpP+prjRYWgC6_YXztzCp7K8ZUzN-fe+jD_b=
> ug at ...11828...>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Snort Team,
>
> Hope you are doing well.
>
> I have a database of 1000 URLs that I want to block using Snort. Do I need
> to create 1000 separate rules to block each of them? Wouldn't there be a
> performance hit if I have a separate rule for each one of them(consider my
> database increases to 10K URLs)? Any alternatives that could achieve my
> aim?
>
> FYI, this is how my rule looks today:
> reject tcp any any -> any any (msg:"Blacklisted URL"; content:"youtube.com
> ";
> http_uri; react: msg;)
>
> --
> Regards,
> Rishabh Shah.
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Fri, 20 Mar 2015 19:38:42 -0400
> From: Jonathon Elwood <jaelwood at ...11827...>
> Subject: [Snort-users] ET POLICY Vulnerable Java Version 1.8.x
>         Detected
> To: snort-users at lists.sourceforge.net
> Message-ID:
>         <
> CAMZEdsmXrVRS1z4ufAjnOONGCJrJKH6R+ELC5nwTTvOUUSmwOg at ...11828...>
> Content-Type: text/plain; charset="utf-8"
>
> I'm running snort version 2.9.7.0 pkg v3.2.3 (this is pfsense version
> 2.2.1).
>
> I'm getting an alert for some of my machines that have Java installed (ET
> POLICY Vulnerable Java Version 1.8.x Detected).  These are Windows 8.1
> machines and I verified that I have the latest version of Java.  Java
> version "1.8.0_40" Java(TM) SE Runtime Environment (build 1.8.0_40-b26)
>
> Any idea why snort would trigger this alert with this version of Java?
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
>
> ------------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 106, Issue 55
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150321/695b8145/attachment.html>


More information about the Snort-users mailing list