[Snort-users] [Fwd: Auto update of sigs (was: Novarg Virus)]
bclark bwkip.com
Date: Wed Jan 28 2004 - 15:31:48 CST
This message was sent to me alone but was meant for the sigs list also.
Forwarding to the users list as it may be more relevant to that list.
Brian
---------------------------- Original Message ----------------------------
Subject: Auto update of sigs (was: Novarg Virus)
From: "Bryan Irvine" <bryan.irvine kingcountyjournal.com>
Date: Wed, January 28, 2004 2:37 pm
To: bclark bwkip.com
--------------------------------------------------------------------------
This thread got me wondering about a script that polls the snort site
occasionally and downloads the latest rules. Does anyone have something
like this running? What would be the recommended process for this?
--Bryan
On Tue, 2004-01-27 at 15:25, bclark bwkip.com wrote:
> I was trying to add the rule that was given for the DOS part. When I
> restart snort I get
> Jan 27 17:27:35 laptop snort: FATAL ERROR: ../rules/dos.rules(26) => ParsePattern Got Null enclosed in quotation marks (")!
>
> Not sure what to change since this is the first rule I am adding myself.
>
> Brian
>
> alert tcp any any -> any 80 (msg:"W32_Novarg_SCO_DOS"; content:"GET / HTTP/1.1|0d0a|Host: www.sco.com|0d0a0d0a|"; offset:0; dsize:37;)