Snort mailing list archives

Re: Sourcefire VRT Certified Snort Rules Update 2013-01-15


From: "Starner, Mark" <mark.starner () unisys com>
Date: Wed, 16 Jan 2013 13:13:31 -0600

The latest 2.9.3.1 subscriber tarball contains this rule in the
preprocessor.rules file:

alert ( msg: "SIP_EVENT_MAX_DIALOGS_IN_A_SESSION"; sid: 27; gid: 140; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

But does not contain an entry for this rule in the gen-msg.map rule located
in the tarball.
It goes from 140 || 26 to 141 || 1:

140 || 25 || sip: Mismatch in Method of request and the CSEQ header
140 || 26 || sip: The method is unknown
141 || 1 || imap: Unknown IMAP4 command
141 || 2 || imap: Unknown IMAP4 response


-----Original Message-----
From: Research [mailto:research () sourcefire com] 
Sent: Tuesday, January 15, 2013 2:27 PM
To: snort-sigs () lists sourceforge net
Subject: [Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2013-01-15

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
app-detect, blacklist, browser-firefox, browser-ie, browser-plugins,
deleted, dns, dos, exploit-kit, file-executable, file-identify,
file-image, file-multimedia, file-office, file-other,
indicator-compromise, malware-cnc, os-windows, policy-other,
server-other and sql rule sets to provide coverage for emerging threats
from these technologies.

For a complete list of new and modified rules please see:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2013-01-15.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFQ9a2VaBoqZBVJfwMRAijqAKCtZUT3hRh7jjlgCGeRvwYUYR0zSgCglPph
3mpHiGksoLNSR4c7FMVn/nI=
=jPOt
-----END PGP SIGNATURE-----


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
