Date: Wed, 3 Jul 2002 01:42:13 +0200
From: "Stefan Dens" <stefan.dens@pandora.be>
To: "Steve McGhee" <stevem@lmri.ucsb.edu>, <snort-users@lists.sourceforge.net>
Cc: <freebsd-security@freebsd.org>, <freebsd-ports@freebsd.org>
Subject: Re: [Snort-users] instant snort sigs for new vulnerabilites
Message-ID: <002501c22222$17a1fe40$0201010a@piii500>
References: <3D20C250.1020603@lmri.ucsb.edu>

Hi,

Well, you can do that with snortcenter, you can adjust rules to your own network setting and update them from the internet without changing your own configuration. The only problem is that snortcenter needs built-in user authentication, if you want to run it from a cron job with lynx or wget. I will make an option to disable it for auto-update.

http://users.pandora.be/larc

(Just a remark: if too many people are going to use some sort of auto-update utility to fetch the snortrules from the snort website, I guess their bandwidth will be gone. And I know that there is a checksum for the snortrules file, but it seems to change every hour without there being a change to the rules.)

Stefan Dens

----- Original Message -----
From: "Steve McGhee" <stevem@lmri.ucsb.edu>
To: <snort-users@lists.sourceforge.net>
Cc: <freebsd-security@freebsd.org>; <freebsd-ports@freebsd.org>
Sent: Monday, July 01, 2002 10:57 PM
Subject: [Snort-users] instant snort sigs for new vulnerabilites

> with all the fuss lately over the new apache worm, etc, id like to know
> if my machine is getting hit (its patched, just being curious). i know
> about mod_blowchunks, but im looking for something more general..
>
> it seems to me that snort could see these attacks pretty easily.
>
> is there a tool/method out there that will retrieve the *latest* snort
> signatures automatically? for those of us not running snort via CVS, id
> like a way to do something like cvsup, but _only_ update my ruleset
> every night or whatever.
>
> i cc: the freebsd team as this might be a cool (simple) port. (something
> like /usr/ports/security/snort-signatures)
>
> this could be helpful to people who are just curious, or maybe could
> provide some good numbers to shock lazy sysadmins into actually patching
> their machines.
>
> ..of course, this is all assuming there's someone out there writing
> signatures ;)
>
> --
> -steve
>
> ~ ..........................................................
> ~ Steve McGhee
> ~ Systems Administrator
> ~ Linguistic Minority Research Institute
> ~ UC Santa Barbara
> ~ phone: (805)893-2683
> ~ email: stevem@lmri.ucsb.edu
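
Added example, not part of the thread and not snortcenter's code: a nightly update step that compares the active rule lines of each downloaded file with the installed copy instead of trusting the archive checksum, which the reply above reports as changing every hour. The function names are hypothetical, and it assumes the download is a gzip tar archive of *.rules files and that the hourly change comes from comments or archive metadata.

```shell
#!/bin/sh
# Added example: install downloaded Snort rules only when active rule lines change.
# Function names are hypothetical; a gzip tar archive of *.rules files is assumed.

hash_stdin() {   # SHA-256 of stdin (sha256sum on Linux, sha256 on FreeBSD)
    if command -v sha256sum >/dev/null 2>&1; then sha256sum | cut -d' ' -f1
    else sha256; fi
}

# Digest of a rules file with comment and blank lines dropped, so a regenerated
# header or a new archive timestamp does not count as a rule change.
active_hash() {
    { grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" 2>/dev/null || true; } |
        hash_stdin
}

# update_rules ARCHIVE LIVE_DIR
# Returns 0 if at least one file was installed, 1 if nothing changed,
# 2 if the archive is unreadable, holds no rules, or a copy failed.
update_rules() {
    stage=$(mktemp -d "${TMPDIR:-/tmp}/rules.XXXXXX") || return 2
    rc=2
    if tar -xzf "$1" -C "$stage" 2>/dev/null; then
        # -type f skips symlinks and devices an untrusted archive might carry
        find "$stage" -type f -name '*.rules' > "$stage/.list"
        [ -s "$stage/.list" ] && rc=1
        while IFS= read -r f; do
            dst=$2/${f##*/}
            if [ "$(active_hash "$f")" != "$(active_hash "$dst")" ]; then
                # only *.rules are copied: snort.conf and local files stay untouched
                if mkdir -p "$2" && cp "$f" "$dst"; then rc=0
                else rc=2; break; fi
            fi
        done < "$stage/.list"
    fi
    rm -rf "$stage"
    return "$rc"
}

# Nightly cron use, after fetching the archive with wget or lynx:
#   update_rules /path/to/downloaded-rules.tar.gz /path/to/live/rules
if [ "$#" -eq 2 ]; then
    update_rules "$1" "$2"
fi
```

A shipped file that was edited in place is overwritten when its upstream copy changes, so local adjustments belong in files the archive does not carry.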