Re: Sourcefire VRT Certified Snort Rules Update 2010-11-02
From: infosec posts <infosec.posts () gmail com>
Date: Wed, 3 Nov 2010 10:08:15 -0500
I had forgotten that we have a subscription issue (organizational
problem on our side), so I'll apologize for making a false assumption.
Thanks for the response.

On Wed, Nov 3, 2010 at 10:02 AM, Joel Esler <jesler () sourcefire com> wrote:
> On Wed, Nov 3, 2010 at 10:44 AM, infosec posts <infosec.posts () gmail com>
>> My update routine didn't find any changes last night, and I can't find
>> any of these signatures in the tarballs I'm pulling this morning:
>>
>> 17808 <-> SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption
>> attempt (specific-threats.rules, High)
>> 17809 <-> WEB-CLIENT quicktime movie file transfer (web-client.rules, Low)
>> 17810 <-> WEB-MISC potential malware - download of server32.exe
>> 17811 <-> WEB-MISC potential malware - download of svchost.exe
>> 17812 <-> WEB-MISC potential malware - download of iexplore.exe
>> 17813 <-> WEB-MISC potential malware - download of iprinp.dll
>> 17814 <-> WEB-MISC potential malware - download of winzf32.dll
>>
>> I pulled 184.108.40.206, 220.127.116.11, and 18.104.22.168 a few minutes ago, but I didn't
>> find the new signatures in any of them. Now I'm getting 403/Forbidden
>> on 22.214.171.124 and 126.96.36.199, so I'm going to guess that you've realized you
>> forgot to actually include the new signatures again, and you're fixing
>
> I am running pulledpork right this very second, and I am able to grab the
> rules file. I'll check to see if the rules are in my build.
>
> We are doing work to the website today as well, so that may affect some
>
> <waiting for pulledpork to get done>
>
> Yup, they are all there for me. Using the subscriber set. Do you have the
> subscriber set? Your subscription isn't expired or anything is it?
Snort-sigs mailing list
Snort-sigs () lists sourceforge net