Snort mailing list archives

Re: Snort-sigs Digest, Vol 75, Issue 1


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 3 Aug 2012 17:44:48 -0400

Looks like you are using the old COMMUNITY rules.  I suggest you purge these from your system and use the VRT Ruleset at http://www.snort.org/snort-rules

The Registered User release is free.


On Aug 2, 2012, at 7:56 PM, PR <oly562 () gmail com> wrote:

Greetings,

I am running acidbase on Ubuntu server.

I found this entry:

COMMUNITY SIP TCP/IP message flooding directed to SIP proxy

ID:              #0-(7-1)
Signature:       [snort] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
Timestamp:       2012-08-02 06:42:12
Source Address:  192.168.1.14:36642
Dest. Address:   91.189.92.184:80
Layer 4 Proto:   TCP

I am also a bit perplexed why snort and a sig that is not listed on snort ID site:  
http://www.snortid.com/snortid.asp?QueryId=1:100000160
does not yield any results.

Could you comment on how a clean-installed snort acidbase could be sending out from a source: 192.168.1.14 to a destination: 91.189.92.184:80?

Notable: I have no automatic updates turned on on snort or ubuntu

Anyone care to comment? thanks guys/gals.

l8 oly anderson
snort user for like years now and I still don't know shyt.. lol.

<snip>

BTW -- For those of you that are playing -- that's two drinks:

http://blog.joelesler.net/p/snort-drinking-game.html

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

