
Snort mailing list archives
Re: TMG Firewall Client long host entry exploit attempt
From: Carlos G Mendioroz <tron () acm org>
Date: Tue, 04 Mar 2014 17:47:11 -0300
Right, I'm not using Pulled Pork.

From my first skim at PP docs and Snort docs, it seemed that what you would get by just downloading and installing the snapshot was equivalent to the balanced policy. I guess that's not so.

The learning curve to get PP running (or actually used in a one shot) seemed steep for my use case (that is, have a standard bell attached to my door just in case). I was not able to understand quickly where the policy to rule data is stored, and just wanted a new edition of snort up and running with current up-to-date rules.

Maybe I missed some quick deploy howto doc.

Could this also be the cause of some rules *not* being enabled?

-Carlos

Patrick Mullen @ 04/03/2014 17:27 -0300 dixit:
> Carlos,
>
> Are you using Pulled Pork to manage your enabled rules, or are you doing it manually?
>
> I believe I understand what is going on regarding which rules you have enabled. By default, when the shared object rule stubs are put into the rules files, they are not commented out according to policy. So when you include those stubs, the rule is enabled. Pulled Pork should fix this by commenting out rules that are not in the policy you choose.
>
> Thanks,
>
> ~Patrick
>
> --
> Patrick Mullen
> Response Research Manager
> Sourcefire VRT
--
Carlos G Mendioroz <tron () acm org>
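
The policy step Patrick describes (commenting out rules that are not in the chosen policy) can be sketched as follows. This is an added example, not part of the thread and not PulledPork's own code: the stub rules, SIDs and the `apply_policy` function are constructed for illustration, and it assumes each rule lists its policies in `metadata` as `policy <name> <action>`.

```python
import re

# A rule line, optionally commented out: action, header, then (options).
RULE_RE = re.compile(r"^(?:#\s*)?((?:alert|drop|log|pass|reject|sdrop)\s.+\(.*\))\s*$")
META_RE = re.compile(r"metadata\s*:\s*([^;]*);")
POLICY_RE = re.compile(r"\bpolicy\s+([\w-]+)\s+(?:alert|drop)\b")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample stubs (SIDs and messages are placeholders, not real rules).
# Stub B is uncommented even though it is only in security-ips, which is the
# situation described in the thread; stub C is in balanced-ips but disabled.
SAMPLE_STUBS = """\
# Constructed sample: shared object rule stubs
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED stub A"; sid:9000001; gid:3; rev:1; metadata:engine shared, soid 3|9000001, policy balanced-ips drop, policy security-ips drop;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED stub B"; sid:9000002; gid:3; rev:1; metadata:engine shared, soid 3|9000002, policy security-ips drop;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"CONSTRUCTED stub C"; sid:9000003; gid:3; rev:1; metadata:engine shared, soid 3|9000003, policy balanced-ips drop;)
"""

def apply_policy(rules_text, policy):
    """Enable rules whose metadata names `policy`; comment out all others.

    Returns (new_rules_text, list_of_enabled_sids).
    """
    out, enabled = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            out.append(line)  # blank lines and ordinary comments pass through
            continue
        rule = m.group(1)
        meta = " ".join(META_RE.findall(rule))
        if policy in POLICY_RE.findall(meta):
            out.append(rule)  # in policy: make sure it is uncommented
            sid = SID_RE.search(rule)
            if sid:
                enabled.append(int(sid.group(1)))
        else:
            out.append("# " + rule)  # not in policy: disable
    return "\n".join(out) + "\n", enabled

if __name__ == "__main__":
    text, sids = apply_policy(SAMPLE_STUBS, "balanced-ips")
    print(text)
    print("enabled SIDs:", sids)
```
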