Snort mailing list archives
Re: Snort 2.8.4 RC1 Released
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Thu, 12 Feb 2009 10:20:05 +1300
Todd Wease wrote:
Just in case anyone is wondering, the README.dcerpc2 did not make it into the RC1 distribution. In case anyone is interested, see attached.
That's really great to see all the extra work going into the CIFS world, but it still appears to be oriented around catching protocol exploits. Are you looking to generalize it - like snort does with HTTP? (e.g. "uricontent")

i.e. I'd love to be able to have rules like

alert any any -> $SENSITIVE_SERVERS $cifs_ports (msg:"DLP trigger: sensitive NetBIOS file access"; cifsfilename:"*.ppt"; content:"top secret"....)

alert any any -> any $cifs_ports (msg:"DLP trigger: sensitive NetBIOS dir access"; cifsdirname:"private"; content:"top secret"....)

alert any any -> $SENSITIVE_SERVERS $cifs_ports (msg:"DLP trigger: unauthorized backup of >500 sensitive files"; cifsfilename:"*";threshold:type threshold, track by_src, count 500, seconds 600; )

Just some ideas (I know you're sniffing around the DLP market ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
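A sketch of the matching logic the three wished-for rules above describe, as an added example that is not part of the original message and is not Snort code. It assumes file-open events have already been decoded from CIFS traffic into (time, source, path) tuples, leaves out the content match, and models the threshold as a simple fixed window per source; the function names and sample events are constructed for illustration.

```python
from fnmatch import fnmatchcase


def sample_events():
    """Constructed events: (epoch seconds, client IP, share-relative path)."""
    ev = [(0, "10.0.0.5", r"sales\roadmap.ppt"),
          (5, "10.0.0.6", r"private\notes.txt")]
    # Constructed bulk copy: 500 opens in about four minutes from one client.
    ev += [(i // 2, "10.0.0.9", rf"docs\file{i}.doc") for i in range(500)]
    # Constructed slow reader: 500 opens, one every 10 seconds.
    ev += [(i * 10, "10.0.0.7", rf"docs\file{i}.doc") for i in range(500)]
    return sorted(ev)


def dlp_alerts(events, name_glob="*.ppt", dir_name="private",
               count=500, seconds=600):
    """Return (time, source, reason) tuples for time-ordered events.

    name_glob, dir_name, count and seconds stand in for the values in the
    hypothetical cifsfilename / cifsdirname / threshold options.
    """
    alerts = []
    windows = {}  # source IP -> [window start time, opens seen in window]
    for ts, src, path in events:
        parts = path.lower().split("\\")
        dirs, fname = parts[:-1], parts[-1]
        # Rule 1: file name matches the sensitive glob.
        if fnmatchcase(fname, name_glob):
            alerts.append((ts, src, "filename"))
        # Rule 2: any directory component equals the sensitive name
        # (exact component match is an assumption of this sketch).
        if dir_name in dirs:
            alerts.append((ts, src, "dirname"))
        # Rule 3: count opens per source inside a fixed time window.
        win = windows.get(src)
        if win is None or ts - win[0] > seconds:
            win = windows[src] = [ts, 0]  # window expired, start a new one
        win[1] += 1
        if win[1] >= count:
            alerts.append((ts, src, "bulk"))
            windows[src] = [ts, 0]  # start counting towards the next alert
    return alerts


if __name__ == "__main__":
    for alert in dlp_alerts(sample_events()):
        print(alert)
```

The slow reader opens as many files as the bulk copier but never accumulates 500 inside one 600-second window, so only the per-source rate separates the two.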
Current thread:
- Snort 2.8.4 RC1 Released Mike Guiterman (Feb 10)
- Re: Snort 2.8.4 RC1 Released Todd Wease (Feb 11)
- Re: Snort 2.8.4 RC1 Released Jason Haar (Feb 11)
- Re: Snort 2.8.4 RC1 Released Todd Wease (Feb 11)