Snort mailing list archives
Re: Snort-sigs Digest, Vol 113, Issue 16
From: Ankit singh <ankitsingh5934 () gmail com>
Date: Tue, 27 Oct 2015 22:54:55 +0530
From where can I get the link for downloading the pcap uploaded on the community portal, as mentioned below, for Neutrino?

Thanks,
Ankit

On Tue, Oct 27, 2015 at 8:44 PM, <snort-sigs-request () lists sourceforge net> wrote:
Send Snort-sigs mailing list submissions to
	snort-sigs () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.sourceforge.net/lists/listinfo/snort-sigs
or, via email, send a message with subject or body 'help' to
	snort-sigs-request () lists sourceforge net

You can reach the person managing the list at
	snort-sigs-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-sigs digest..."

Today's Topics:

   1. Snort Logs (buzzlightstory () gmail com)
   2. lots of false positives, Neutrino (Grant.Sims () rksolutions com)

----------------------------------------------------------------------

Message: 1
Date: Sat, 24 Oct 2015 21:41:59 +0100
From: buzzlightstory () gmail com
Subject: [Snort-sigs] Snort Logs
To: snort-sigs () lists sourceforge net
Message-ID: <8A12B0A0-9D2B-47CB-A28F-691CE76B1444 () gmail com>
Content-Type: text/plain; charset=us-ascii

Dear All,

I'm having problems logging my Snort alerts, as the log file '/var/log/snort.log' is always empty. I've also tried some output plugins like alert_full, alert_fast and syslog, but they are all empty files. Please help, as I'm stuck. I'm running Snort under Linux :))

------------------------------

Message: 2
Date: Fri, 23 Oct 2015 17:32:58 +0000
From: <Grant.Sims () rksolutions com>
Subject: [Snort-sigs] lots of false positives, Neutrino
To: <snort-sigs () lists sourceforge net>
Message-ID: <067A3D7A9D5A244D87B7E94EA2D369FAE31B7F80 () ENVELOPE rkeng com>
Content-Type: text/plain; charset="us-ascii"

I was looking at my Snort alerts on SecurityOnion today and noticed a TON of alerts for "EXPLOIT-KIT Neutrino exploit kit landing page detected" (rule screenshot is attached). Looking at the rules for the past two years, I have not seen many false positives on exploit kit landing pages. However, these seem to be coming in for a wide range of users and a wide range of sites (everything from Dell to Evite to Bing domains). Just curious if other people out there are experiencing this. With how wide-ranging it is and no other rules indicating compromise, I believe it is a false positive; however, with the current uptick in Neutrino exploit kits in the wild, I thought I would submit something here.

Thanks!
Grant

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snortrule.jpg
Type: image/jpeg
Size: 56811 bytes
Desc: snortrule.jpg

------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!

End of Snort-sigs Digest, Vol 113, Issue 16
*******************************************
-- Warm Regards, Ankit singh
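Grant's reasoning in the quoted message is a two-part check: the landing-page rule fires across many unrelated users and sites, and no other rule fires on those hosts, so it is probably a false positive. The script below is an added example, not code from the Snort project or from anyone in this thread. It runs that check over a Snort alert_fast log: it summarises how widely each SID fires (alert count, distinct client hosts, distinct server hosts) and lists which clients also tripped some other rule. The alert_fast line layout is Snort 2.x's real format; the sample alert lines, the SIDs 1000001 and 1000002, the second rule's message, and the 80% spread threshold are constructed for the example and are not the SID or rule from Grant's screenshot.

```python
"""Triage a Snort alert_fast log for rules that fire too broadly to be credible.

Added example, not code from the Snort project or this thread. The alert_fast
line format is Snort 2.x's; SAMPLE_ALERTS, SIDs 1000001/1000002 and the
thresholds are constructed for illustration.
"""
import re
from collections import defaultdict

# alert_fast line: timestamp [**] [gid:sid:rev] msg [**] [Classification: ...]
# [Priority: N] {proto} src:port -> dst:port. ICMP alerts carry no ports and are
# skipped by this regex; -I (interface) output is not handled either.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)

# Constructed sample: one landing-page rule hitting six different sites from
# five clients, plus a second (hypothetical) rule firing twice on one client.
NEUTRINO_MSG = "EXPLOIT-KIT Neutrino exploit kit landing page detected"
SAMPLE_ALERTS = [
    f"10/23/15-09:12:01.000001  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.11:51001 -> 203.0.113.10:80",
    f"10/23/15-09:14:22.000002  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.12:51002 -> 203.0.113.20:80",
    f"10/23/15-09:20:05.000003  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.13:51003 -> 203.0.113.30:80",
    f"10/23/15-09:31:40.000004  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.11:51004 -> 203.0.113.40:80",
    f"10/23/15-09:45:17.000005  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.14:51005 -> 203.0.113.50:80",
    f"10/23/15-10:02:58.000006  [**] [1:1000001:1] {NEUTRINO_MSG} [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {{TCP}} 10.0.0.15:51006 -> 203.0.113.60:80",
    "10/23/15-10:10:33.000007  [**] [1:1000002:1] MALWARE-CNC hypothetical beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.13:51007 -> 198.51.100.5:443",
    "10/23/15-10:11:33.000008  [**] [1:1000002:1] MALWARE-CNC hypothetical beacon [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.13:51008 -> 198.51.100.5:443",
]


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sid"] = int(rec["sid"])
    return rec


def summarize(lines):
    """Per SID: alert count, distinct source (client) hosts, distinct destination (server) hosts."""
    summary = {}
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            continue
        s = summary.setdefault(rec["sid"], {"msg": rec["msg"], "count": 0, "src": set(), "dst": set()})
        s["count"] += 1
        s["src"].add(rec["src"])
        s["dst"].add(rec["dst"])
    return summary


def fp_candidates(summary, min_count=5, min_spread=0.8):
    """SIDs whose hits land on almost as many distinct servers as there are alerts.

    Heuristic of this example, not Snort's: a landing-page rule that trips on a
    different site nearly every time it fires looks like a content match on
    something common, not one exploit-kit campaign on a few landing hosts.
    """
    out = []
    for sid, s in summary.items():
        if s["count"] >= min_count and len(s["dst"]) / s["count"] >= min_spread:
            out.append(sid)
    return sorted(out)


def corroborated_sources(lines, sid):
    """Clients that tripped SID and at least one other rule: the per-host
    version of the 'no other rules indicating compromise' check."""
    by_src = defaultdict(set)
    for line in lines:
        rec = parse_alert(line)
        if rec is not None:
            by_src[rec["src"]].add(rec["sid"])
    return sorted(h for h, sids in by_src.items() if sid in sids and len(sids) > 1)


if __name__ == "__main__":
    summary = summarize(SAMPLE_ALERTS)
    for sid in fp_candidates(summary):
        s = summary[sid]
        print(f"sid {sid} '{s['msg']}': {s['count']} alerts, "
              f"{len(s['src'])} clients, {len(s['dst'])} sites; "
              f"clients with other alerts: {corroborated_sources(SAMPLE_ALERTS, sid)}")
```

To run it against a live box, replace SAMPLE_ALERTS with the lines of the alert_fast file (for example `summarize(open("/var/log/snort/alert"))`, path assumed). A SID listed by fp_candidates with an empty corroborated_sources list is the pattern Grant describes and is a good candidate for a `suppress` or `event_filter` entry in threshold.conf while the rule is reported upstream; a SID whose sources also trip other rules should be worked as an incident first, however broad it looks.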
Current thread:
- Re: Snort-sigs Digest, Vol 113, Issue 16 Ankit singh (Oct 27)
- Re: Snort-sigs Digest, Vol 113, Issue 16 Joel Esler (jesler) (Oct 27)
- Re: Snort-sigs Digest, Vol 113, Issue 16 Ankit singh (Oct 27)
- Re: Snort-sigs Digest, Vol 113, Issue 16 Joel Esler (jesler) (Oct 28)
- Re: Snort-sigs Digest, Vol 113, Issue 16 Ankit singh (Oct 27)
- Re: Snort-sigs Digest, Vol 113, Issue 16 Joel Esler (jesler) (Oct 27)