Snort mailing list archives
VRT Rule Update for 08/25/2011: Modifications to the snort.conf file
From: Joel Esler <joel () sourcefire com>
Date: Thu, 25 Aug 2011 17:30:38 -0400
All,

A special note about today's rule release. Please see the blog post below for full details.

The registered users of Snort have emailed me and told me that they will not be able to access the snort.conf for 2.9.1 until the 30 day window is open. This is correct, however, for registered users' convenience you may access the 2.9.1 snort.conf here:

http://www.snort.org/assets/184/snort.conf

======

http://blog.snort.org/2011/08/vrt-rule-update-for-08252011.html

The following changes have been made to the snort.conf in this release:

Modifications to HTTP_PORTS

    portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,8888,8899,9080,9090,9091,9443,9999,11371,55555]

Modifications to Stream5 configuration:

    ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7777 7779 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555

Modifications to http_inspect

    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 }

Increase to the Max sessions in the SIP preprocessor

    preprocessor sip: max_sessions 40000

Increase to the max_content_len parameter in the SIP preprocessor

    max_content_len 2048

Modifications to the file names in the IP Blacklist Preprocessor

    preprocessor reputation: \
       memcap 500, \
       priority whitelist, \
       nested_ip inner, \
       whitelist $WHITE_LIST_PATH/white_list.rules, \
       blacklist $BLACK_LIST_PATH/black_list.rules

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the backdoor, botnet-cnc, dos, exploit, netbios, rpc, specific-threats, spyware-put and web-misc rule sets to provide coverage for emerging threats from these technologies.
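
When merging these changes into a local snort.conf, the HTTP_PORTS portvar, the Stream5 reassembly ports and the http_inspect ports are normally kept in step, since a port inspected as HTTP but not reassembled by Stream5 loses coverage. The following is an added example, not part of the original post or of Snort: it parses the three lists and reports ports present in one but missing from another. The stream5_tcp and http_inspect_server wrapper lines and all function names are assumptions made for the example; the port lists are the ones quoted in the post.

```python
import re

# Constructed snort.conf excerpt: the directive wrappers are assumed,
# the port lists are copied from the post above.
SAMPLE_CONF = r"""
portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,7777,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,8888,8899,9080,9090,9091,9443,9999,11371,55555]
preprocessor stream5_tcp: policy windows, \
    ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802 7777 7779 7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555
preprocessor http_inspect_server: server default \
    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 }
"""

def logical_lines(text):
    """Join backslash-continued lines; drop blank and comment lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def parse_port_sets(text):
    """Collect the port sets from the three directives the post changes."""
    sets = {"HTTP_PORTS": set(), "stream5": set(), "http_inspect": set()}
    for line in logical_lines(text):
        m = re.match(r"portvar\s+HTTP_PORTS\s+\[([^\]]*)\]", line)
        if m:
            sets["HTTP_PORTS"] |= {int(p) for p in m.group(1).split(",") if p.strip()}
        elif line.startswith("preprocessor stream5_tcp:"):
            for ports in re.findall(r"ports\s+(?:client|server|both)\s+((?:\d+\s*)+)", line):
                sets["stream5"] |= {int(p) for p in ports.split()}
        elif line.startswith("preprocessor http_inspect_server:"):
            for ports in re.findall(r"ports\s*\{([^}]*)\}", line):
                sets["http_inspect"] |= {int(p) for p in ports.split()}
    return sets

def coverage_gaps(sets):
    """Report HTTP ports that one list has and another lacks."""
    http = sets["HTTP_PORTS"] | sets["http_inspect"]
    return {
        "not_reassembled_by_stream5": sorted(http - sets["stream5"]),
        "not_in_http_inspect": sorted(sets["HTTP_PORTS"] - sets["http_inspect"]),
        "not_in_HTTP_PORTS": sorted(sets["http_inspect"] - sets["HTTP_PORTS"]),
    }

if __name__ == "__main__":
    for name, ports in coverage_gaps(parse_port_sets(SAMPLE_CONF)).items():
        print(f"{name}: {ports or 'none'}")
```

Run against the lists as quoted, the check flags port 8181, which appears in HTTP_PORTS and http_inspect but not in the Stream5 list; the post alone does not show whether the released snort.conf has the same gap, so compare against the actual file.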
Current thread:
- VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Eoin Miller (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Greg Lane (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Joel Esler (Aug 26)
- Re: VRT Rule Update for 08/25/2011: Modifications to the snort.conf file Eoin Miller (Aug 26)