Snort mailing list archives
RE: help with interpreting log
From: "tony cowling" <tonycowling () sympatico ca>
Date: Thu, 17 Feb 2005 19:53:29 -0500
I am away from my snort machine at the moment so am now trying to remember where I got the bleeding rules... Looks like there are a few places to get them from?? Which do you use and how often are these updated? I have to say I was quite surprised to see the virus rules in the basic rule set just scanning for file extensions.

-----Original Message-----
From: Bob Konigsberg [mailto:bobkberg () networkeval com]
Sent: Thursday, February 17, 2005 7:37 PM
To: 'tony cowling'
Subject: RE: [Snort-users] help with interpreting log

Yes. In fact, that's what I do for my spyware stuff (under malware rules)

Bob

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of tony cowling
Sent: Thursday, February 17, 2005 4:38 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] help with interpreting log

Yes, the virus bleeding edge rules anyway. Are the malware rules one and the same or are they separate? I have just realized that I can limit the logging to just the alerts rather than so much other interesting traffic appearing in a folder for each IP address. Is that right?

-----Original Message-----
From: Bob Konigsberg [mailto:bobkberg () networkeval com]
Sent: Thursday, February 17, 2005 7:22 PM
To: 'tony cowling'
Subject: RE: [Snort-users] help with interpreting log

Ok - are you also using the bleeding edge snort malware and virus rules?

Bob

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of tony cowling
Sent: Thursday, February 17, 2005 4:06 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] help with interpreting log

Thanks Bob. I actually posted the same question in a couple of different ways. I gave a little more detail the second time. I am new to the 'email list' thing so am not sure on the process honestly. Anyway, your reply is much appreciated.

I will be watching this list with much interest. I am actually after trying to use snort as a quick check point for virus, worm type traffic across a small business network. Over and above regular client based virus software.

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
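The thread is about reading Snort output once logging is narrowed to alerts only. The following is an added example, not code from the thread or from the Snort project: a small parser for Snort's "alert_fast" one-line alert format that groups alerts by signature, by source host and by priority, which is the first pass an analyst does when deciding whether a burst of malware-rule hits points at one infected host. The alert lines, the SIDs (1000001 and 1000002, in the local-rule range) and the message texts are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample alert lines in Snort's alert_fast format (not real alerts).
# Format: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src:port -> dst:port
SAMPLE_ALERTS = """\
02/17-16:38:01.123456 [**] [1:1000001:1] LOCAL suspicious file extension in HTTP request [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:3412 -> 198.51.100.7:80
02/17-16:38:05.654321 [**] [1:1000001:1] LOCAL suspicious file extension in HTTP request [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.21:3510 -> 198.51.100.7:80
02/17-16:40:12.000001 [**] [1:1000002:1] LOCAL SMB worm-like scan [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.20:1055 -> 192.168.1.45:445
02/17-16:41:00.000002 [**] [1:1000003:1] LOCAL ICMP sweep [**] [Priority: 2] {ICMP} 192.168.1.20 -> 192.168.1.46
"""

# Classification is optional in alert_fast output; ports are absent for ICMP.
ALERT_RE = re.compile(
    r'^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] '
    r'(?:\[Classification: (?P<cls>[^\]]*)\] )?'
    r'\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} '
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$'
)


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"] = int(alert["sid"])
    alert["priority"] = int(alert.pop("prio"))
    return alert


def summarize(text):
    """Aggregate alerts by signature, by source host and by priority."""
    alerts = [a for a in (parse_alert(line) for line in text.splitlines()) if a]
    return {
        "total": len(alerts),
        "by_signature": Counter((a["sid"], a["msg"]) for a in alerts),
        "by_source": Counter(a["src"] for a in alerts),
        # Priority 1 is the most severe in Snort's classification scheme.
        "high_priority": [a for a in alerts if a["priority"] == 1],
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_ALERTS)
    print(f"{summary['total']} alerts parsed")
    for (sid, msg), n in summary["by_signature"].most_common():
        print(f"  sid {sid}: {n} x {msg}")
    for src, n in summary["by_source"].most_common():
        print(f"  source {src}: {n} alerts")
    for a in summary["high_priority"]:
        print(f"  PRIORITY 1: {a['src']} -> {a['dst']}:{a['dport']} ({a['msg']})")
```

Run against a real alert file by replacing SAMPLE_ALERTS with the file's contents. The by_source count is the useful view for the thread's question: an extension-match rule fires on every download from every client, but one host that also trips priority-1 scan rules against internal addresses is the one to pull off the network first.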