Just released: Snort Subscriber Rule Set Update for 10/09/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules and made modifications to 5 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov: 32130

Talos's rule release: The VRT has added and modified multiple rules in the blacklist, browser-firefox, file-identify, file-office, file-other, malware-cnc, pua-adware, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

Just released: Snort Subscriber Rule Set Update for 10/08/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 18 new rules and made modifications to 10 additional rules. There were no changes made to the snort.conf in this release.

Talos's rule release: The VRT has added and modified multiple rules in the browser-plugins, file-office, file-other, protocol-dns, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

With the release of the Snort 2.9.7.0 RC, we've also posted updated Snort OpenAppID Detector content, now available from our downloads page. We look forward to your downloading and using the new features of the 2.9.7.0 OpenAppId preprocessor and sharing your experiences with the community.

The OpenAppId community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Some exciting news! The Snort 2.9.7.0 Release Candidate has been posted! You will also notice that separate RPMs have been posted with the OpenAppID detector content already built in! Below are the release notes, including the new OpenAppID Preprocessor, the new Stream6 preprocessor, and the ability to deflate compressed PDF and Flash files:

2014-06-04 - Snort 2.9.7.0 rc

[*] New additions

* Application Identification Preprocessor, when used in conjunction with OpenAppID detector content, that will identify application protocol, client, server, and web applications (including those using SSL) and include the info in Snort alert data. In addition, a new rule option keyword 'appid' that can be used to constrain Snort rules based on one or more applications that are identified for the connection. See README.appid for details.

* A new protected_content rule option that is used to match against a content that is hashed. It can be used to obscure the full context of the rule from the administrator.

* Protocol Aware Flushing (PAF) improvements for SMTP, POP, and IMAP to more accurately process different portions of email messages and file attachments.

* Added ability to test normalization behavior without modifying network traffic. When configured using na_policy_mode:inline-test, statistics will be gathered on packet normalizations that would have occurred, allowing less disruptive testing of inline deployments.

* The HTTP Inspection preprocessor now has the ability to decompress DEFLATE and LZMA compressed Flash content and DEFLATE compressed PDF content from http responses when configured with the new decompress_swf and decompress_pdf options. This enhancement can be used with existing rule options that already match against decompressed equivalents.

* Added improved XFF support to HttpInspect. It is now possible to specify custom HTTP headers to use in place of 'X-Forwarded-For'. In situations where traffic may contain multiple XFF-like headers, it is possible to specify which headers hold precedence.

* Added support for Heartbleed detection and alerting within the preprocessor.

* Added control socket command to dump packets.

* Added an option to suppress configuration information logging to output.

* The Stream5 preprocessor functionality is now split between the new Session and Stream preprocessors.

[*] Improvements

* Maximum IP6 extensions decoded is now configurable.

* Update active response to allow for responses of 1500+ bytes that span multiple TCP packets.

* Check limits of multiple configurations to not exceed a maximum ID of 4095.

* Updated the error output of byte_test, byte_jump, byte_extract to include details on offending options for a given rule.

* Update build and install scripts to install preprocessor and engine libraries into user specified libdir.

* Improved performance of IP Reputation preprocessor.

* The control socket will now report success when reloading empty IP Reputation whitelists/blacklists.

* All TCP normalizations can now be enabled individually. See README.normalize for details on using the new options. For consistency with other options, the "urp" tcp normalization keyword now enables the normalization instead of disabling it.

* Lowered memory demand of Unicode -> ASCII mapping in HttpInspect.

* Updated profiler output to remove duplicate results when using multiple configurations.

* Improved performance of FTP reassembly.

* Improved compatibility with Mac OSX 10.9 (Mavericks), OpenBSD, FreeBSD, and DragonFlyBSD.

* Stability improvements in Stream6 preprocessor and FTP preprocessor.

As always you can download Snort 2.9.7.0 RC from the downloads page under "Snort Development Release". Any comments, issues, or bugs can be reported via the Snort-Development mailing list.

Happy Snorting!

-- The Snort Team

Just released: Snort Subscriber Rule Set Update for 10/07/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 31 new rules and made modifications to 8 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 32072, 32073, 32074

Talos's rule release: The VRT has added and modified multiple rules in the blacklist, file-flash, file-office, file-other, malware-backdoor, malware-cnc, os-other and server-other rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

If you couldn't make it to DerbyCon this year, you can still catch all the talks thanks to all the volunteers over at Iron Geek. This includes my talk on Open AppID. Check it out for an introduction to the latest in open source application detection we've added to Snort.

Our very own Leon Ward here at Cisco has released a blog post detailing the install and configuration of OpenFPC 0.9 over on his blog. Venture over there and have a look at the guide!

Just released: Snort Subscriber Rule Set Update for 10/02/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 24 new rules and made modifications to 4 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour: 32065, 32066, 32067

Talos's rule release: The VRT has added and modified multiple rules in the blacklist, file-office, file-pdf, malware-backdoor, malware-cnc, os-other and server-webapp rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

Just released: Snort Subscriber Rule Set Update for 09/30/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 32 new rules and made modifications to 6 additional rules. There were no changes made to the snort.conf in this release.

Talos's rule release: The VRT has added and modified multiple rules in the blacklist, browser-other, exploit-kit, file-flash, file-office, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!

Just released: Snort Subscriber Rule Set Update for 09/26/2014

We welcome the introduction of the newest rule release from Talos. In this release we introduced 3 new rules and made modifications to 7 additional rules. There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Avery Tarasov: 31990, 31991, 32008
Yaser Mansour: 32009, 32010, 32011

Talos's rule release: The VRT has added and modified multiple rules in the exploit-kit and os-other rule sets to provide coverage for emerging threats from these technologies. To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US dollars a year; be sure to see our business pricing as well at https://www.snort.org/products. Make sure to stay up to date to catch the most emerging threats!