snort-users October 2010 archive

[Snort-users] so_rule problem

From: Jimmy Tharel <jtharel_at_nospam>
Date: Fri Oct 01 2010 - 14:47:10 GMT
To: snort-users@lists.sourceforge.net

I'm trying to get my Snort installation to detect the latest ms10-070
vulnerability. According to
http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html it
should have been included in the rules released on the 23rd.

Rules to detect attacks targeting this vulnerability are included in this
release and are identified with GID 3, SIDs 17428 and 17429

When I compile the so_rules from source I don't see these 2 rules/sids (17428
and 17429). I used "snort -c /etc/snort/snort.conf
--dump-dynamic-rules=/etc/snort/so_rules" to create the .rules files. I also
went through several of the pre-compiled rules using the same method and didn't
see these rules/sids there either. Just to be thorough I looked through all the
normal rules and preproc_rules as well and didn't see them there either.

Am I way off base in what I am doing or should these be showing up?

Thanks,

Jimmy
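The check described in the message above (look through the dumped stub `.rules` files for a given GID and SIDs), as an added example that is not part of the original post. The function names `check_so_sids` and `make_sample_stubs` are hypothetical, and the stub lines are constructed sample data, not rules from any VRT release.

```shell
#!/bin/sh
# check_so_sids DIR GID SID...
# For each SID, report whether DIR/*.rules holds a stub carrying both that
# sid and the given gid: "present", "disabled" (only commented-out copies),
# or "missing". Matching on gid as well avoids a false hit on a text rule
# that happens to reuse the number under another generator id.
check_so_sids() {
    dir=$1; gid=$2; shift 2
    for sid in "$@"; do
        cat "$dir"/*.rules 2>/dev/null | awk -v g="$gid" -v s="$sid" '
            BEGIN { state = "missing" }
            $0 ~ ("gid:[ \t]*" g "[ \t]*;") && $0 ~ ("sid:[ \t]*" s "[ \t]*;") {
                if ($0 ~ /^[ \t]*#/) { if (state == "missing") state = "disabled" }
                else state = "present"
            }
            END { print state, g ":" s }'
    done
}

# Constructed sample input: simplified stand-ins for dumped stub files.
make_sample_stubs() {
    d=$(mktemp -d)
    cat > "$d/sample-a.rules" <<'EOF'
alert tcp any any -> any any (msg:"constructed stub A"; gid:3; sid:17428; rev:1;)
# alert tcp any any -> any any (msg:"constructed stub B"; sid:1000001; gid:3; rev:1;)
EOF
    cat > "$d/sample-b.rules" <<'EOF'
alert tcp any any -> any any (msg:"constructed text rule"; gid:1; sid:17429; rev:1;)
EOF
    echo "$d"
}

# Demo run on the constructed files. For a real check, pass the directory
# given to --dump-dynamic-rules (/etc/snort/so_rules in the message above).
sample_dir=$(make_sample_stubs)
check_so_sids "$sample_dir" 3 17428 17429 1000001
rm -rf "$sample_dir"
```

A "missing" result for every requested SID across all dumped files indicates that the shared-object modules that were loaded do not contain those rules at all, as opposed to the stubs being present but commented out.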

      
