OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Steve McGhee (stevemlmri.ucsb.edu)
Date: Mon Jul 01 2002 - 15:57:52 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    with all the fuss lately over the new apache worm, etc, id like to know
    if my machine is getting hit (its patched, just being curious). i know
    about mod_blowchunks, but im looking for something more general..

    it seems to me that snort could see these attacks pretty easily.

    is there a tool/method out there that will retrieve the *latest* snort
    signatures automatically? for those of us not running snort via CVS, id
    like a way to do something like cvsup, but _only_ update my ruleset
    every night or whatever.

    i cc: the freebsd team as this might be a cool (simple) port. (something
    like /usr/ports/security/snort-signatures)

    this could be helpful to people who are just curious, or maybe could
    provide some good numbers to shock lazy sysadmins into actually patching
    their machines.

    ..of course, this is all assuming there's someone out there writing
    signatures ;)

    - --
    - -steve

    ~ ..........................................................
    ~ Steve McGhee
    ~ Systems Administrator
    ~ Linguistic Minority Research Institute
    ~ UC Santa Barbara
    ~ phone: (805)893-2683
    ~ email: stevemlmri.ucsb.edu

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 6.5.8
    Comment: Using PGP with Mozilla - http://enigmail.mozdev.org

    iQA/AwUBPSDCUKUr5syonrLMEQKjYQCfRiRGHIGGviqfGl/9xvRNpaambakAoIns
    BcxrxnUpvAJK3Sczy5nY4Ir5
    =9LCO
    -----END PGP SIGNATURE-----

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message