Date: Mon, 1 Jul 2002 15:01:38 -0700 (PDT) From: twig les <twigles@yahoo.com> To: Steve McGhee <stevem@lmri.ucsb.edu>, snort-users@lists.sourceforge.net Cc: freebsd-security@freebsd.org Subject: Re: instant snort sigs for new vulnerabilites Message-ID: <20020701220138.66193.qmail@web10108.mail.yahoo.com> In-Reply-To: <3D20C250.1020603@lmri.ucsb.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
That's a good idea for a quick script that I should have had done months ago. As soon as I put out the lastest mystery fire I'll see if I can get a reasonable little Lynx-based cronjob. --- Steve McGhee <stevem@lmri.ucsb.edu> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > with all the fuss lately over the new apache worm, > etc, id like to know > if my machine is getting hit (its patched, just > being curious). i know > about mod_blowchunks, but im looking for something > more general.. > > it seems to me that snort could see these attacks > pretty easily. > > is there a tool/method out there that will retrieve > the *latest* snort > signatures automatically? for those of us not > running snort via CVS, id > like a way to do something like cvsup, but _only_ > update my ruleset > every night or whatever. > > i cc: the freebsd team as this might be a cool > (simple) port. (something > like /usr/ports/security/snort-signatures) > > this could be helpful to people who are just > curious, or maybe could > provide some good numbers to shock lazy sysadmins > into actually patching > their machines. > > > ..of course, this is all assuming there's someone > out there writing > signatures ;) > > - -- > - -steve > > ~ > .......................................................... > ~ Steve McGhee > ~ Systems Administrator > ~ Linguistic Minority Research Institute > ~ UC Santa Barbara > ~ phone: (805)893-2683 > ~ email: stevem@lmri.ucsb.edu > > -----BEGIN PGP SIGNATURE----- > Version: PGP 6.5.8 > Comment: Using PGP with Mozilla - > http://enigmail.mozdev.org > > iQA/AwUBPSDCUKUr5syonrLMEQKjYQCfRiRGHIGGviqfGl/9xvRNpaambakAoIns > BcxrxnUpvAJK3Sczy5nY4Ir5 > =9LCO > -----END PGP SIGNATURE----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of > the message ===== ----------------------------------------------------------- Only fools have all the answers. ----------------------------------------------------------- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020701220138.66193.qmail>