RE: Snort rules updated?

["Christopher Lyon" <cslyon () netsvcs com>]

It doesn't look like the DCOM rules are in the
../dl/snortrules-current.tar.gz or in the CVS tree. I am sure they will
get them in there but for now use what they have listed:  


http://www.snort.org/snort-db/sid.html?sid=2192
http://www.snort.org/snort-db/sid.html?sid=2193

BTW, if you haven't pulled Oinkmaster down yet, that is a must, very
good tool for updating your sigs and to see what changes.



Good luck,



> -----Original Message-----
> From: CMartin () infosol com [mailto:CMartin () infosol com]
> Sent: Wednesday, August 13, 2003 2:18 PM
> To: erek () snort org
> Cc: snort-users () lists sourceforge net
> Subject: RE: [Snort-users] Snort rules updated?
>
> Thanks Erek,  I'll join the mailing list to keep myself up to date on
the
> sigs, and I like your idea for my own signatures.  But since I missed
the
> email says whether the sigs are up to date with DCOM detection
ability.  I
> was wondering if you can tell me if the rules are up to date?
>
> -----Original Message-----
> From: Erek Adams [mailto:erek () snort org]
> Sent: Wednesday, August 13, 2003 1:40 PM
> To: CMartin () infosol com
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort rules updated?
>
> On Wed, 13 Aug 2003 CMartin () infosol com wrote:
>
> >     Just wanted to get the word when the official rule sets get
updated
> > with the rules to detect DCOM exploit as well as the worm associated
> with
> > the exploit (mblaster.exe).  I like the idea of adding the rule
myself;
> > however, I wouldn't mind bringing my systems up to date by
downloading
> the
> > rule sets with the new rules implemented.  I'm hoping the rule sets
that
> are
> > on the site now are updated :)
>
> Join the snort-sigs mailing list.  It's been posted numerous times
over
> the last few days.
>
> And as for adding rules yourself:  Create a "my.rules" and place your
> rules in there.  Then whenever you auto update rules, that won't get
> overwritten.  Be sure and add it to the include lines at the bottom of
> snort.conf.
>
> Cheers!
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-
> url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users