From owner-freebsd-ports Mon Jul 1 13:58: 5 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id B4E1A37B400;
    Mon, 1 Jul 2002 13:58:00 -0700 (PDT)
Received: from lmri.ucsb.edu (orion.lmri.ucsb.edu [128.111.199.186])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 6B31843E26;
    Mon, 1 Jul 2002 13:58:00 -0700 (PDT)
    (envelope-from stevem@lmri.ucsb.edu)
Received: from lysander.lmri.ucsb.edu ([128.111.199.198] helo=lmri.ucsb.edu)
    by lmri.ucsb.edu with esmtp (Exim 3.31 #4) id 17P8F7-0009hz-00;
    Mon, 01 Jul 2002 13:57:53 -0700
Message-ID: <3D20C250.1020603@lmri.ucsb.edu>
Date: Mon, 01 Jul 2002 13:57:52 -0700
From: Steve McGhee
Organization: UC LMRI
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1a) Gecko/20020611
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: snort-users@lists.sourceforge.net
Cc: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: instant snort sigs for new vulnerabilities
X-Enigmail-Version: 0.62.4.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

with all the fuss lately over the new apache worm, etc, i'd like to know if my machine is getting hit (it's patched, just being curious). i know about mod_blowchunks, but i'm looking for something more general..

it seems to me that snort could see these attacks pretty easily. is there a tool/method out there that will retrieve the *latest* snort signatures automatically?

for those of us not running snort via CVS, i'd like a way to do something like cvsup, but _only_ update my ruleset every night or whatever.

i cc: the freebsd team as this might be a cool (simple) port. (something like /usr/ports/security/snort-signatures)

this could be helpful to people who are just curious, or maybe could provide some good numbers to shock lazy sysadmins into actually patching their machines.

..of course, this is all assuming there's someone out there writing signatures ;)

--
-steve

~ ..........................................................
~ Steve McGhee
~ Systems Administrator
~ Linguistic Minority Research Institute
~ UC Santa Barbara
~ phone: (805)893-2683
~ email: stevem@lmri.ucsb.edu