[Emerging-Sigs] Snort 2.9 compatibility with ET rules?

Jun Wan junwei_wan at hotmail.com
Fri Oct 29 23:07:55 EDT 2010


Hi,
 
Just would like to forward this question to this list and ask the following questions:

1.) Are ET rulesets suitable for Snort 2.9 ???
2.) How can I download ET rulesets automatically, similar to oinkmaster usage (with cron)???
 
I am able to download VRT rules and ET rules for Snort 2.8.6 via Oinkmaster (with cron), please see the following:

sudo vi /usr/local/etc/oinkmaster.conf
 
.....  
url = http://www.snort.org/pub-bin/oinkmaster.cgi/a9393504xxxxxxxxxxxxxxxxxxdb292e/snortrules-snapshot-2860.tar.gz
url = http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz
 
.....

Also I noticed lots of duplicated SIDs during the update process; I don't know why, or how to fix it.
 
 
Any information and help would be much appreciated.
 
Thanks.
 
Regards
 
John


Date: Fri, 29 Oct 2010 16:09:31 -0400
From: jason.weir at nhrs.org
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] URL to download VRT rules



This is the oinkmaster url I use to get the ET ruleset
 
url=http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz

No oinkcode needed.... I can't answer you on the 2.9 compatibility; you might ask over on the ET list:
 
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
 
-J
 


-----Original Message-----
From: Alejandro Cabrera Obed [mailto:aco1967 at gmail.com] 
Sent: Friday, October 29, 2010 3:56 PM
To: Kevin Ross; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] URL to download VRT rules

OK, just two questions:

1) Are ET rulesets suitable for Snort 2.9 ??? Because I can't see the download link for this Snort version at http://rules.emergingthreats.net/

2) How can I download the ET ruleset automatically, similar to oinkmaster usage (with cron)???

Thanks a lot

2010/10/28 Kevin Ross <kevross33 at googlemail.com>

I think you may also find use in the emergingthreats rules (www.emergingthreats.net). Latest rulesets are here:

http://rules.emergingthreats.net/open-nogpl/snort-2.8.4/emerging.rules.tar.gz

I would recommend, though, that you upgrade to at least Snort 2.8.6.1 so you can make use of the improvements and http_modifiers.

http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz

In ET there is a lot of focus on malware command and control, malware, viruses and current things going on. A worthwhile ruleset to include to detect stuff within your network.

Regards, Kevin

On 28 October 2010 16:09, Alejandro Cabrera Obed <aco1967 at gmail.com> wrote:

Dear all, I've registered at snort.org to download the VRT rules.... I have Snort 2.8.5.3.

I use oinkmaster to download the rules, but what is the new URL I have to use:

This: http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/<oinkcode>

or this: http://www.snort.org/pub-bin/oinkmaster.cgi/<oinkcode>/snortrules-snapshot-2853.tar.gz

Thanks a lot.
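As an added example (not code from anyone in this thread), here is a POSIX shell script that ties together the two practical points raised above: running the oinkmaster pull from cron, and catching the duplicated SIDs John reports before the merged VRT+ET set is handed to Snort, which cannot keep two active rules with the same SID. The sample rules directory is constructed inline for the demonstration; the `oinkmaster -C` / `-o` invocation is the real tool's syntax, but the config path and output directory in `update_and_check` are assumptions.

```shell
#!/bin/sh
# Added example, not code from this thread. Finds SIDs that appear in more than
# one active rule across a directory of Snort .rules files, and wraps an
# oinkmaster update so that a duplicated SID fails the cron job instead of
# leaving a rule set in place that Snort will complain about.
# Assumes rules carry the standard "sid:N;" option.

# Build a constructed sample rules directory (for the demonstration only).
# One SID, 1000001, is deliberately present in both files.
make_sample_rules() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/snort-web.rules" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web probe"; content:"/probe"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE web other"; content:"/other"; sid:1000002; rev:1;)
EOF
  cat > "$dir/emerging-web.rules" <<'EOF'
# A commented-out rule must not count as active.
# alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE disabled"; content:"/off"; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE dup"; content:"/dup"; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"SAMPLE unique"; content:"/uniq"; sid:2000001; rev:1;)
EOF
  printf '%s\n' "$dir"
}

# Print every SID used by more than one active rule in $1/*.rules, one per line.
# Only lines that start with a rule action are considered, so commented-out
# rules (a common source of false alarms) are skipped.
find_duplicate_sids() {
  grep -h -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$1"/*.rules \
    | sed -n 's/.*[[:space:](;]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' \
    | sort | uniq -d
}

# Number of distinct duplicated SIDs; 0 means the merged set is clean.
duplicate_sid_count() {
  find_duplicate_sids "$1" | wc -l | tr -d ' '
}

# Cron entry point (not exercised by the sample data): pull the tarballs listed
# in oinkmaster.conf into the output directory, then refuse to succeed if the
# merged set has duplicate SIDs. Config path and default output dir are assumptions.
update_and_check() {
  out=${1:-/usr/local/etc/snort/rules}
  oinkmaster -C /usr/local/etc/oinkmaster.conf -o "$out" || return 1
  dups=$(find_duplicate_sids "$out")
  if [ -n "$dups" ]; then
    printf 'duplicate SIDs after update in %s:\n%s\n' "$out" "$dups" >&2
    return 1
  fi
}
```

Against the constructed sample, `find_duplicate_sids` prints `1000001` and nothing else. For the cron part, an entry such as `0 3 * * * /usr/local/bin/update_rules.sh` (script path assumed) that calls `update_and_check` gives the same automation the VRT snapshot already gets, with the duplicate-SID check deciding whether the job is allowed to succeed; restart or reload Snort only when it returns 0.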
