Tuesday, December 29, 2015

Snort 2.9.7.5 is EOL!

Snort 2.9.7.5 is officially scheduled to EOL today; however, since many people are out on vacation through New Year's, we've decided to keep the build system up until after the holidays.

The current version of Snort is 2.9.8.0. Those of you on older versions, please start upgrading.

Monday, December 28, 2015

Snort Subscriber Rule Set Update for 12/28/2015, Adobe Flash

Just released:
Snort Subscriber Rule Set Update for 12/28/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 4 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-flash and malware-cnc rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Tuesday, December 22, 2015

Snort Subscriber Rule Set Update for 12/22/2015

Just released:
Snort Subscriber Rule Set Update for 12/22/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 48 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-flash, file-multimedia, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Monday, December 21, 2015

Snort Subscriber Rule Set Update for 12/21/2015

Just released:
Snort Subscriber Rule Set Update for 12/21/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 30 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the file-flash, file-identify, file-office, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Thursday, December 17, 2015

Snort 2.9.8.0 Ruleset Released!

We apologize for the delay. Starting with today's rule release, Snort 2.9.8.0's ruleset is now shipping alongside our other rulesets.

Snort Subscriber Rule Set Update for 12/17/2015, Snort 2.9.8.0 Ruleset

Just released:
Snort Subscriber Rule Set Update for 12/17/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 38 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the app-detect, blacklist, browser-plugins, file-flash, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Tuesday, December 15, 2015

Snort Subscriber Rule Set Update for 12/15/2015

Just released:
Snort Subscriber Rule Set Update for 12/15/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 42 new rules and made modifications to 8 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the app-detect, blacklist, browser-plugins, file-flash, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Monday, December 14, 2015

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content.

This release, build 259, includes:
  • A total of 2,803 detectors.
  • An additional 76 detectors have been open sourced in this release.
  • It also includes some additional detectors that came in from the open source community. For more details on which contributions were included, see the AUTHORS file in this package.

It is available now for download from our downloads page. We look forward to you downloading and using the new features of the 2.9.7.0 and 2.9.8.0 OpenAppID preprocessor and sharing your experiences with the community.

The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content.  Please visit the mailing lists page to sign up.

Snort++ Alpha 3 Available Now!

The third alpha release of Snort++ is now available on snort.org, and it includes a lot of new features and functionality:

Snort features:

  • sync with Snort 297-262
  • ported reputation inspector
  • ported dnp3 and modbus inspectors
  • ported gtp inspector

New features:

  • piglet plugin test harness
  • file policy support
  • added regex rule option based on hyperscan
  • added fast pattern matching based on hyperscan
  • new time and space profiling

Work in progress:

  • the all new HTTP inspector
  • a rewrite of TCP packet and session handling

The priority for the fourth and final alpha release is parity with Snort 2.X (i.e. a superset of 2.X functionality).  Here are some things to look for in the final alpha release:

  • port open appID
  • port dcerpc2 inspector
  • port sensitive data inspector
  • finish rewrite of stream_tcp for greater functionality and performance
  • finish rewrite of side channel and HA functionality
  • finish rewrite of perf stats
  • finish next generation DAQ


There are several new features in the works that will be delayed by the effort to overtake Snort 2.X but this strategy will ultimately allow us to move even quicker.

Windows support is also affected but not forgotten.  We will eventually provide a full featured Snort++ for Windows.

New downloads are posted to snort.org monthly.  You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team

Friday, December 11, 2015

Snort++ Update

Pushed build 183 to github (snortadmin/snort3):

  • added memory profiling feature
  • added regex fast pattern support
  • ported reputation preprocessor from 2.X
  • synced to 297-262
  • removed '_q' search method flavors - all are now queued
  • removed PPM_TEST
  • build and memory leak fixes

Thursday, December 10, 2015

Snort Subscriber Rule Set Update for 12/10/2015

Just released:
Snort Subscriber Rule Set Update for 12/10/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules and made modifications to 2489 additional rules.

The reason for the large number of changes is our annual policy rebalancing, which we announced several years ago here. Every year adjustments are made to the ruleset to ensure it is in line with current and emerging threats. Old rules are retired to improve performance while maintaining detection for current security issues.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the app-detect, browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, malware-cnc, netbios, os-other, os-windows, policy-other, policy-social, protocol-dns, protocol-ftp, protocol-icmp, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-telnet, protocol-tftp, server-apache, server-iis, server-mail, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Tuesday, December 8, 2015

Snort Subscriber Rule Set Update for 12/08/2015, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 12/08/2015


We welcome the introduction of the newest rule release from Talos. In this release we introduced 100 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Microsoft Security Bulletin MS15-124:
Microsoft Internet Explorer suffers from programming errors that may lead to
remote code execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36917 through 36923, 36926
through 36929, 36934 through 36951, 36954 through 36957, 36962 through 36963,
36968 through 36969, 36978 through 36983, 36986 through 36988, 36991 through
36992, 37003 through 37004, and 37009 through 37010.

Microsoft Security Bulletin MS15-125:
A coding deficiency exists in Microsoft Edge that may lead to remote code
execution.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 36673 through 36674.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36917, 36932 through 36933,
36942 through 36943, 36950 through 36951, and 36984 through 36985.

Microsoft Security Bulletin MS15-126:
A coding deficiency exists in Microsoft JScript and VBScript that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36922 through 36923.

Microsoft Security Bulletin MS15-128:
A coding deficiency exists in Microsoft Graphics Component that may lead to
remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36964 through 36967.

Microsoft Security Bulletin MS15-129:
A coding deficiency exists in Microsoft Silverlight that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36997 through 36998.

Microsoft Security Bulletin MS15-130:
A coding deficiency exists in Microsoft Uniscribe that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36952 through 36953.

Microsoft Security Bulletin MS15-131:
A coding deficiency exists in Microsoft Office that may lead to remote code
execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36924 through 36925, 36958 through
36961, 36974 through 36975, and 37011 through 37013.

Microsoft Security Bulletin MS15-132:
A coding deficiency exists in Microsoft Windows that may lead to an escalation
of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36930 through 36931, 36993 through
36996, and 36999 through 37002.

Microsoft Security Bulletin MS15-134:
A coding deficiency exists in Microsoft Media Center that may lead to remote
code execution.

Rules to detect attacks targeting these vulnerabilities are included in this
release and are identified with GID 1, SIDs 36972 through 36973.

Microsoft Security Bulletin MS15-135:
A coding deficiency exists in a Microsoft Kernel mode driver that may lead to
an escalation of privilege.

Previously released rules will detect attacks targeting this vulnerability and
have been updated with the appropriate reference information. They are included
in this release and are identified with GID 1, SIDs 35149 through 35150.

New rules to detect attacks targeting these vulnerabilities are also included
in this release and are identified with GID 1, SIDs 36970 through 36971, 36976
through 36977, and 36989 through 36990.

Talos has added and modified multiple rules in the browser-ie, browser-plugins,
deleted, file-office, file-other, malware-cnc and policy-other rule sets to
provide coverage for emerging threats from these technologies.
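As an added example (not code from the Snort project or from this post), the Python below turns the "GID 1, SIDs a through b, c, ..." phrasing used in the bulletin entries above into an explicit set of signature IDs, then checks a rules file for them and reports which referenced rules are present and enabled, present but commented out (Snort's convention for a disabled rule), or absent. The two bulletin sentences are copied from the MS15-124 and MS15-126 entries; the rules file content is a constructed placeholder in which only the `sid`/`gid` options and the leading `#` are meaningful, and a rule without an explicit `gid` option is taken as GID 1, which is Snort's default.

```python
import re

# Bulletin text copied verbatim from the MS15-124 and MS15-126 entries in the
# 12/08/2015 release notes above.
MS15_124_NEW = (
    "New rules to detect attacks targeting these vulnerabilities are also included "
    "in this release and are identified with GID 1, SIDs 36917 through 36923, 36926 "
    "through 36929, 36934 through 36951, 36954 through 36957, 36962 through 36963, "
    "36968 through 36969, 36978 through 36983, 36986 through 36988, 36991 through "
    "36992, 37003 through 37004, and 37009 through 37010."
)
MS15_126 = (
    "Rules to detect attacks targeting these vulnerabilities are included in this "
    "release and are identified with GID 1, SIDs 36922 through 36923."
)

# Constructed sample of a Snort 2.x rules file (not Talos's actual rules): rule
# bodies are placeholders; only the sid option and the leading '#' (a disabled
# rule) matter to the audit. The rule for SID 36923 is disabled on purpose.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed placeholder"; content:"x"; sid:36922; rev:1;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed placeholder"; content:"x"; sid:36923; rev:1;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed placeholder"; content:"x"; sid:36917; rev:2;)
"""

# "GID 1, SIDs 36917 through 36923, 36926 through 36929, ..." up to the period that
# ends the sentence; the word "SIDs" is optional because one entry omits it.
GID_LIST_RE = re.compile(r"GID\s+(\d+),\s*(?:SIDs?\s+)?([^.]*)\.")
# A single SID or an "a through b" range inside that list.
RANGE_RE = re.compile(r"(\d+)(?:\s+through\s+(\d+))?")
# The sid/gid rule options of a Snort 2.x rule.
SID_OPT_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
GID_OPT_RE = re.compile(r"\bgid:\s*(\d+)\s*;")


def parse_sids(text):
    """Expand every 'GID g, SIDs a through b, c, ...' phrase in text into a set of (gid, sid)."""
    found = set()
    for m in GID_LIST_RE.finditer(text):
        gid = int(m.group(1))
        for r in RANGE_RE.finditer(m.group(2)):
            lo = int(r.group(1))
            hi = int(r.group(2) or lo)  # a lone number is a one-element range
            found.update((gid, sid) for sid in range(lo, hi + 1))
    return found


def audit_rules(rules_text, wanted):
    """Classify each wanted (gid, sid) as enabled, disabled or missing in a rules file."""
    enabled, disabled = set(), set()
    for line in rules_text.splitlines():
        line = line.strip()
        m = SID_OPT_RE.search(line)
        if not m:
            continue  # blank line or comment that is not a rule
        g = GID_OPT_RE.search(line)
        key = (int(g.group(1)) if g else 1, int(m.group(1)))  # gid defaults to 1
        (disabled if line.startswith("#") else enabled).add(key)
    return {
        "enabled": wanted & enabled,
        "disabled": (wanted & disabled) - enabled,
        "missing": wanted - enabled - disabled,
    }


if __name__ == "__main__":
    for name, text in (("MS15-124 (new rules)", MS15_124_NEW), ("MS15-126", MS15_126)):
        report = audit_rules(SAMPLE_RULES, parse_sids(text))
        print(name, {k: len(v) for k, v in report.items()})
```

Point `SAMPLE_RULES` at the contents of your deployed rules files to see which of the SIDs a bulletin cites are actually active; a rule that is present but commented out detects nothing, which is the case the "disabled" bucket is there to surface.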


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Friday, December 4, 2015

Snort++ Update

Pushed build 181 to github (snortadmin/snort3):

  • perf profiling enhancements
  • fixed build issues and memory leaks
  • continued pattern match refactoring
  • fix spurious sip_method matching

Thursday, December 3, 2015

Snort Subscriber Rule Set Update for 12/03/2015

Just released:
Snort Subscriber Rule Set Update for 12/03/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 10 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!

Tuesday, December 1, 2015

Snort Subscriber Rule Set Update for 12/01/2015

Just released:
Snort Subscriber Rule Set Update for 12/01/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 15 new rules and made modifications to 14 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-flash, file-office, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe now to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch emerging threats!