Monday, December 31, 2012

Sourcefire VRT Certified Snort Rules Update for 12/31/2012, CVE-2012-4792

Just released: Sourcefire VRT Certified Snort Rules Update for 12/31/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 16 new rules and made modifications to 3 additional rules.

The VRT would like to thank Avery Tarasov for his work on sid: 25119

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Microsoft Security Advisory CVE-2012-4792:
Microsoft Internet Explorer versions 6, 7 and 8 contain a programming
error that may allow a remote attacker to execute code on an affected
system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 25125 through 25134.


In order to subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at http://www.snort.org/store. Make sure and stay up to date to catch the most emerging threats!

Friday, December 21, 2012

Master snort.conf files have been updated

With the addition of the new ports in all the configurations, I've gone ahead and updated our master snort.conf examples from the VRT on the Snort.conf configuration page:

https://www.snort.org/configurations

By the way, in case you want to find that page in the future, just Google "Snort.conf configurations". It's the first result.

Happy 2012!

Sourcefire VRT Certified Snort Rules Update for 12/20/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 12/20/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 64 new rules and made modifications to 33 additional rules, in what will most likely be the last update of the year.

There were several changes made to the snort.conf in this release.

The HTTP_PORTS variable, the stream5_tcp reassembly ports and the http_inspect_server ports were updated as follows.

The HTTP_PORTS variable:

portvar HTTP_PORTS [80,81,311,383,591,593,901,1220,1414,1741,1830,2301,2381,2809,3037,3128,3702,4343,4848,5250,6988,7001,7144,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8090,8118,8123,8180,8181,8243,8280,8300,8800,8888,8899,9000,9060,9080,9090,9091,9443,9999,11371,34443,34444,41080,50002,55555]

The stream5_tcp preprocessor's "ports both" list:

ports both 80 81 311 383 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7907 7001 7144 7145 7510 7802 7777 7779 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555

The http_inspect_server preprocessor's "ports" list:

ports { 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555 }

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the app-detect, blacklist, browser-ie, browser-plugins, deleted, dos, exploit-kit, file-identify, file-image, file-multimedia, file-office, indicator-obfuscation, malware-backdoor, malware-cnc, malware-other, netbios, scada, server-mail, server-other and web-client rule sets to provide coverage for emerging threats from these technologies.


Tuesday, December 18, 2012

Sourcefire VRT Certified Snort Rules Update for 12/18/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 12/18/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 39 new rules and made modifications to 166 additional rules.

There were no changes made to the snort.conf in this release.

The VRT would like to thank Avery Tarasov for their work on:
25054
25050


In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-identify, file-image, file-multimedia, indicator-compromise, malware-cnc, malware-other, os-other, os-windows, policy-other, protocol-ftp, protocol-icmp, protocol-voip, server-iis, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Monday, December 17, 2012

Sourcefire VRT Certified Snort Rules Update for 12/17/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 12/17/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 10 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the blacklist, file-flash, file-identify, file-other, malware-backdoor and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Thursday, December 13, 2012

Sourcefire VRT Certified Snort Rules Update for 12/13/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 12/13/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 26 new rules and made modifications to 25 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, file-flash, file-multimedia, file-other, malware-cnc, malware-other, policy-other, scada, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Tuesday, December 11, 2012

Sourcefire VRT Certified Snort Rules Update for 12/11/2012, MSTuesday coverage

Just released: Sourcefire VRT Certified Snort Rules Update for 12/11/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 28 new rules and made modifications to 131 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
Microsoft Security Bulletin MS12-077: Microsoft Internet Explorer contains a programming error that may allow a remote attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 24956.

Microsoft Security Bulletin MS12-078: The Microsoft Windows Adobe Type Manager font driver (ATMFD) contains a programming error that may allow a remote attacker to cause a Denial of Service (DoS) against an affected system.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 24971.

Microsoft Security Bulletin MS12-079: Microsoft Word contains a programming error that may allow a remote attacker to execute code on an affected system via a specially crafted rich text file.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 24974 and 24975.

Microsoft Security Bulletin MS12-081: The Microsoft Windows operating system contains a programming error that may allow a remote attacker to execute code on an affected system via a specially crafted file name.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 24973.

Microsoft Security Bulletin MS12-082: Microsoft DirectPlay contains a programming error that may allow a remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 24957 through 24970.

Additionally, the Sourcefire VRT has added and modified multiple rules in the app-detect, browser-ie, browser-plugins, exploit, exploit-kit, file-executable, file-flash, file-multimedia, file-office, indicator-compromise, indicator-obfuscation, malware-cnc, malware-other and server-mysql rule sets to provide coverage for emerging threats from these technologies.
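The bulletin notes above, like the CVE-2012-4792 post higher on this page, identify their coverage by GID and SID range. After pulling a release it is worth confirming that those SIDs are actually present and not commented out in the local rules files, since a rule that is present but disabled gives no coverage. The scanner below is an added example written for this page (not VRT tooling and not the blog's own code). The rules text it embeds is constructed placeholder content that only carries a few of the SIDs cited above; it is not the VRT rule content and detects nothing.

```python
"""Report which rules in a GID/SID range are present and enabled in Snort rules text."""
import re
from typing import Dict, Tuple

# Constructed sample (assumption): placeholder rules carrying SIDs cited in the release
# notes. These are NOT the VRT rules; the msg and content strings are invented fillers.
SAMPLE_RULES = r"""
# --- constructed placeholders, not VRT content ---
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PLACEHOLDER text rule"; flow:to_client,established; content:"placeholder"; sid:24956; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"PLACEHOLDER disabled rule"; content:"placeholder"; sid:24957; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"PLACEHOLDER shared-object stub"; sid:24971; gid:3; rev:1;)
"""

# Rule actions a line may start with; anything else is a comment or directive.
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")


def parse_rules(text: str) -> Dict[Tuple[int, int], bool]:
    """Map (gid, sid) -> enabled for every rule in the text.

    A rule whose line is commented out with a leading '#' is recorded as present
    but disabled; text rules without an explicit gid option are GID 1."""
    found: Dict[Tuple[int, int], bool] = {}
    for raw in text.splitlines():
        line = raw.strip()
        enabled = True
        if line.startswith("#"):
            line = line.lstrip("#").strip()
            enabled = False
        if not line.startswith(ACTIONS):
            continue  # blank line, ordinary comment or non-rule directive
        sid = SID_RE.search(line)
        if not sid:
            continue
        gid = GID_RE.search(line)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
        found[key] = enabled
    return found


def rule_status(text: str, gid: int, sid_lo: int, sid_hi: int) -> Dict[int, str]:
    """For each SID in [sid_lo, sid_hi] under the given GID, return
    'enabled', 'disabled' or 'missing'."""
    found = parse_rules(text)
    status: Dict[int, str] = {}
    for sid in range(sid_lo, sid_hi + 1):
        if (gid, sid) not in found:
            status[sid] = "missing"
        else:
            status[sid] = "enabled" if found[(gid, sid)] else "disabled"
    return status


if __name__ == "__main__":
    # The ranges cited in the bulletin notes above; GID 3 entries are shared-object stubs.
    for gid, lo, hi in ((1, 24956, 24975), (3, 24971, 24973)):
        for sid, state in rule_status(SAMPLE_RULES, gid, lo, hi).items():
            print(f"gid {gid} sid {sid}: {state}")
```

To use it on a real installation, read the concatenated contents of your rules files (including the shared-object stub rules for GID 3) into the text argument; SIDs reported as "missing" or "disabled" in a range the release notes cite are the ones to look into.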


Friday, December 7, 2012

Mirroring traffic to Snort using a Consumer Grade Router

Thanks again to William Parker for providing some excellent documentation for the rest of the Snort community.

Just posted to http://www.snort.org/docs is a guide on how to use a consumer grade router (Linksys, D-Link, NetGear, etc) to mirror your traffic in your network over to a box running Snort.

Take a look at the doc!

Thanks Bill!

Thursday, December 6, 2012

Sourcefire VRT Certified Snort Rules Update for 12/06/2012

Just released: Sourcefire VRT Certified Snort Rules Update for 12/06/2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 17 new rules and made modifications to 20 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:
The Sourcefire VRT has added and modified multiple rules in the browser-ie, exploit-kit, file-executable, file-identify, file-other, malware-other, protocol-voip, server-mail, server-mysql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.


Wednesday, December 5, 2012

Snort Startup scripts for various OSes posted!

Many thanks to one of our very dedicated Snort Community members, William Parker. In his guides (also posted on the documentation page of Snort.org) he has embedded some Snort startup scripts.

Because some people were having problems copying and pasting out of the PDF documentation, Mr. Parker put these startup scripts in their own files and sent them to me. I created a special section on Snort.org/docs just for startup scripts, and they are all there!

Many thanks to Mr. Parker and our whole Snort Community!