snort-users October 2010 archive

Re: [Snort-users] so_rule problem

From: Nigel Houghton <nhoughton_at_nospam>
Date: Fri Oct 01 2010 - 15:07:22 GMT
To: Jimmy Tharel <jtharel@yahoo.com>

These rules are pre-compiled and are in the subscriber rule packs. They
won't be available in the registered set until Oct 23rd.

On Fri, 1 Oct 2010 07:47:10 -0700 (PDT), Jimmy Tharel wrote:
> I'm trying to get my Snort installation to detect the latest ms10-070
> vulnerability. According to
> http://www.snort.org/vrt/advisories/2010/09/23/vrt-rules-2010-09-23.html
> it should have been included in the rules released on the 23rd.
>
> Rules to detect attacks targeting this vulnerability are included in
> this release and are identified with GID 3, SIDs 17428 and 17429
>
> When I compile the so_rules from source I don't see these 2
> rules/sids (17428 and 17429). I used "snort -c /etc/snort/snort.conf
> --dump-dynamic-rules=/etc/snort/so_rules" to create the .rules
> files. I also went through several of the pre-compiled rules using
> the same method and didn't see these rules/sids there either. Just
> to be thorough I looked through all the normal rules and
> preproc_rules as well and didn't see them there either.
>
> Am I way off base in what I am doing or should these be showing up?
>
> Thanks,
>
> Jimmy
>
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/
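
An added example, not part of either message above: a POSIX shell check that reports which GID/SID pairs are absent as enabled rules from a directory of `.rules` files, such as the stub directory written by the `--dump-dynamic-rules` command in the quoted message. The function names, the sample file and SIDs 99901 to 99903 are constructed for illustration.

```shell
#!/bin/sh
# find_rule DIR GID SID: print "file:line" for each enabled rule in DIR/*.rules
# carrying that GID/SID pair. A rule with no gid option belongs to GID 1.
find_rule() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        awk -v gid="$2" -v sid="$3" '
            /^[ \t]*#/ { next }                 # commented out = disabled
            {
                g = 1; s = ""
                if (match($0, /[(;][ \t]*gid:[ \t]*[0-9]+/)) {
                    g = substr($0, RSTART, RLENGTH); sub(/.*:[ \t]*/, "", g)
                }
                if (match($0, /[(;][ \t]*sid:[ \t]*[0-9]+/)) {
                    s = substr($0, RSTART, RLENGTH); sub(/.*:[ \t]*/, "", s)
                }
                if (s != "" && g + 0 == gid + 0 && s + 0 == sid + 0)
                    print FILENAME ":" FNR
            }' "$f"
    done
}

# missing_sids DIR GID SID...: print the SIDs that no enabled rule provides.
missing_sids() {
    dir=$1 gid=$2; shift 2
    for sid in "$@"; do
        [ -n "$(find_rule "$dir" "$gid" "$sid")" ] || printf '%s ' "$sid"
    done
}

# Constructed sample file (not real VRT rules): one enabled GID 3 stub,
# one disabled GID 3 stub, and one text rule with no gid option (GID 1).
demo=$(mktemp -d)
cat > "$demo/constructed.rules" <<'EOF'
alert tcp any any -> any 80 (msg:"CONSTRUCTED stub A"; sid:99901; gid:3; rev:1;)
# alert tcp any any -> any 80 (msg:"CONSTRUCTED disabled"; gid:3; sid:99902; rev:1;)
alert tcp any any -> any 80 (msg:"CONSTRUCTED text rule"; sid:99903; rev:1;)
EOF

echo "missing from $demo: $(missing_sids "$demo" 3 17428 17429 99901 99902)"
```

Matching on the GID and SID together matters because the same SID number under a different GID is a different rule, and a commented-out stub does not provide detection.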