[Snort-users] Hello Snort Team

Russ rucombs at ...589...
Sun May 21 18:47:34 EDT 2017


Snort++ would be great for your situation.  You can use the latest 2.X 
rules and convert them with snort2lua (provided with Snort++) to 3.0 format.

On 5/21/17 3:13 PM, Joel Esler (jesler) wrote:
> We'd love people to test it out.  We don't have rules for it yet, but we are getting there.
>
> --
> Sent from my iPhone
>
>> On May 21, 2017, at 15:10, J Doe <general at ...17107...> wrote:
>>
>>
>>> On May 21, 2017, at 2:58 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
>>>
>>> Technically, http can be on any port. So, you can either use openappid to identify services instead of ports, or Snort3, which is service aware by default, but has no ruleset yet.
>>>
>>> We've added that many ports to HTTP_PORTS as we've seen exploit activity in the wild over those ports.
>> Hi,
>>
>> Good point - I hadn't considered HTTP/S traffic from exploits.
>>
>> I will definitely be looking into Open AppID - I skipped that portion of the manual (which I will rectify a second time around!).  I will use that for my 2.9.9.x install of Snort.
>>
>> I'd really like to move to Snort 3 for the support of Lua rules (I am currently using Lua with the ModSec WAF and I love it), and for the refactored code in C++ (C++ is one of the languages I am familiar with).  I've been following its progress - currently at alpha 4, a recent push to patch some security vulnerabilities detected and the Talos blog that says a beta is scheduled around summer.
>>
>> I was wondering - would it be stable enough to run on my low volume web host?  It is not a mission critical server and I'd like to work with Snort 3 as the code base develops.
>>
>> Thanks,
>>
>> - J