Some of you may have noticed that, upon signing in on Snort.org, you are being asked to re-agree to the Snort Subscriber Rule Set license. To make sure everyone is aware, I wanted to put out a blog post about the reset, highlight the changes that are being made to the Subscriber and Registered Rule Sets, and be as open as I can in answering any questions you may have.

Snort Subscriber Rule Set License 3.1

There are three changes to the ruleset license. The first is here:

"1.5. “Limited Ruleset” means those Rules that have been expressly designated by Cisco Talos as “Limited Ruleset”, and are tagged or otherwise identified as “ruleset limited” in the ruleset."

The second is in paragraph 2.1:

"Notwithstanding the foregoing, under no circumstances may You distribute the Limited Ruleset, or any portion thereof, to a Registered User or to any third party or otherwise make the Limited Ruleset available to any third party or allow a third party to use the Limited Ruleset."

The third is in paragraph 2.2:

"Notwithstanding the foregoing, as a Registered User, You have no right or license under this Agreement to use, transfer, Modify, distribute, copy or reproduce the Limited Ruleset, or any portion thereof."

Let me break this down in plain English.

In upcoming weeks we will begin distributing detection and prevention for a completely new set of exploits and vulnerabilities. The detection and prevention against these vulnerabilities (almost exclusively "zero day" type vulnerabilities) is going to be built and shipped not only in our Shared Object rule format in a protected fashion, but will also only be made available to subscribers to the rule set and to Cisco FirePOWER customers.

To date, all content that has ever been in the subscriber ruleset has, after 30 days, been made available for free in the registered rule set. That practice will continue, except for rules that are tagged "ruleset limited" in the metadata of the rule. Rules tagged in that fashion will only be made available to subscribers, and we currently have no plans to make them available to registered users. We currently have no plans to expand the "limited" ruleset beyond this new set of exploits and vulnerabilities.

The VAST majority of our detection will remain exactly the way it has been for years: built and distributed to subscribers on the day it is released, then released 30 days later to registered users. This offering is not only to provide detection for a new set of vulnerabilities and exploits to our customers, but also to add value to the Subscriber Rule Set, since to date the only difference has essentially been the release date.

A few questions you may have:

What do I have to do, if I am a subscriber, to take advantage of this new detection?

Nothing. It will be built into your ruleset. If you are using pulledpork, or a custom method, to download, install, and use our Shared Object rules, then you are already good to go.

What do I have to do, if I am a registered user, and I don't want this new content?

Nothing. You will continue to receive 30-day delayed content from the Snort Subscriber Rule Set, for free, without this new "limited" ruleset.

What do I have to do, if I am a registered user, and I do want this new content?

Subscribe. As a reminder, the personal subscription is for home/educational use only; business subscribers have a flat rate of 399 a sensor. The easiest way to subscribe is via credit card, directly on Snort.org, which renews annually so you don't miss coverage.

What do I have to do, if I am a Snort Integrator, and I want to distribute this new content?

Nothing. It will already be built into your integrator offering, and you may redistribute this content to your clients pursuant to the Integrator license you agreed to on Snort.org, or signed, when you became an Integrator. As long as you are in good standing with us, you receive the content as part of your package.

What do I need to do, if I want to become a Snort Integrator, and redistribute the ruleset?

Start here first. For those of you that are not Integrators, want to be, or used to be, you'll notice that we have eliminated the "minimum fee" we used to charge all Integrators; your fee is now based solely on royalty usage.

Will I be able to read the content of the rules?

Unfortunately no; we must distribute this detection in our protected Shared Object format. (Not all Shared Object rule content is protected.)

This new content is offered to all personal, business, and Integrator subscribers of the Snort Subscriber Rule Set at no additional fee. We also have no plans to increase the price of the ruleset, and have fought hard to keep the price the same.

Questions? You can email us directly at [email protected].
|
Pushed build 165 to github (snortadmin/snort3):

- flow depth support for new_http_inspect
- TCP session refactoring and create libtcp
- fix ac_sparse_bands search method
- doc and build tweaks for piglets
- expanded piglet interfaces and other enhancements
- fix unit test return value
- add catch.hpp include from https://github.com/philsquared/Catch
- run catch unit tests after check unit tests
- fix documentation errors in users manual
|
Just released: Snort Subscriber Rule Set Update for 08/13/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 9 new rules and made modifications to 27 additional rules. There were no changes made to the snort.conf in this release.

Talos's rule release:

Apple QuickTime Vulnerabilities CVE-2015-3788 through CVE-2015-3792: Apple QuickTime for Windows suffers from programming errors that may lead to remote code execution. A previously released rule will detect attacks targeting these vulnerabilities and has been updated with the appropriate reference information. It is included in this release and is identified with GID 1, SID 12746. New rules to detect attacks targeting these vulnerabilities are also included in this release and are identified with GID 1, SIDs 35560 through 35568.

Talos has also added and modified multiple rules in the browser-ie, browser-other, file-flash, file-image, file-multimedia, file-office, netbios, os-windows, protocol-icmp and server-other rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!
|
Just released: Snort Subscriber Rule Set Update for 08/12/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 29 new rules and made modifications to 5 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 35549

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-flash, file-identify, malware-cnc, os-mobile, policy-other, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!
|
Just released: Snort Subscriber Rule Set Update for 08/11/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 58 new rules and made modifications to 4 additional rules. There were no changes made to the snort.conf in this release.

Talos's rule release:

Microsoft Security Bulletin MS15-079: Microsoft Internet Explorer suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35473 through 35482, 35487 through 35488, 35493 through 35494, and 35507 through 35508.

Microsoft Security Bulletin MS15-080: A coding deficiency exists in a Microsoft Graphics Component that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35483 through 35486, 35489 through 35492, 35495 through 35498, 35513 through 35520, 35523 through 35526, and 35529 through 35530.

Microsoft Security Bulletin MS15-081: A coding deficiency exists in Microsoft Office that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35501 through 35506, 35509 through 35512, 35521 through 35522, and 35527 through 35528.

Microsoft Security Bulletin MS15-090: A coding deficiency exists in Microsoft Windows that may lead to escalation of privilege. Previously released rules will detect attacks targeting this vulnerability and have been updated with the appropriate reference information. They are included in this release and are identified with GID 1, SIDs 35139 through 35140.

Microsoft Security Bulletin MS15-091: A coding deficiency exists in Microsoft Edge that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 35499 through 35500.

Talos has also added and modified multiple rules in the browser-ie, file-office, file-other and policy-other rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!
|
Pushed build 164 to github (snortadmin/snort3):

- add range and default to command line args
- fix unit test build on osx
- DAQ packet header conditional compilation for piglet
- add make targets for dev_guide.html and snort_online.html
- cleanup debug macros
- fix parameter range for those depending on loaded plugins (thanks to Siti Farhana Binti Lokman <[email protected]> for reporting the issue)
|
Just released: Snort Subscriber Rule Set Update for 08/06/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 41 new rules and made modifications to 10 additional rules. There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, file-flash, file-identify, file-java, file-office, indicator-scan, malware-cnc, os-mobile and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!
|
Just released: Snort Subscriber Rule Set Update for 08/04/2015

We welcome the introduction of the newest rule release from Talos. In this release we introduced 15 new rules and made modifications to 8 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 35386, 35387, 35388, 35389, 35390, 35391, 35392, 35393, 35394

Talos's rule release:

Talos has added and modified multiple rules in the browser-plugins, file-office, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!
|
With the introduction of OpenAppID in 2014, we have received a lot of valuable feedback on what improvements and capabilities would be great to have in our product. Since then, we have managed to increase our capabilities, and our coverage has grown from 1,000 OpenAppID detectors to 2,600 and counting.

Having an open, application-focused detection language and processing module for Snort has attracted the attention of the Internet of Everything (IoE) world. There are countless devices out there using the internet on their own, ranging from a remote IP-based camera to an industrial sensor, and they may include some security features of their own. With the combination of OpenAppID and Snort, we are giving the open source community the capability to create their own application-based protocol detectors and classifications, which can be used to provide a better threat-centric solution in this field as well. Using this scripting-based language, someone can quickly test and understand the different protocols that IoE devices speak. It can be used to provide further analytics on a specific device's behavior, and to validate some of the protocol's data against the rest of the IoE devices. It has been used to build multi-layer applications for identifying different behaviors and actions of specific protocols, and has given the ability to track an application's state across different traffic patterns within the same application flow or even an external one.

In addition to that, operators can use these tools to control the access of specific IoE devices based on the networks they are located in. For example, someone can allow a device to operate from "Network Source A" -> "Network Destination B" only when the protocol is DNP3 Read. Any other type of DNP3 operation would not be allowed between that source and destination. Policies like that help create an additional level of security, and combined with the IPS capabilities of Snort, you get the best of both worlds.

For more information, check out OpenAppID and our open source detectors at http://www.snort.org
|
Thanks so much to Mr. William Parker for his contribution of the Fedora 22 installation guide for Snort 2.9.7.x. I've posted it under "Snort Setup Guides" on the official Snort Documentation page.

Thanks to Mr. Parker for not only this guide but for all of his contributions on Snort.org! The community is what makes it work!
|