http://www.snort.org/pub-bin/snortnews.cgi en News articles from Snort.org http://www.snort.org/pub-bin/snortnews.cgi#169 NOTE: This is the first Community rulepack which uses community-sid-msg.map, instead of the previous sid-msg.map. This change is being made in response to requests from numerous users of the Community rules, in order to make management of multiple rulesets simpler. If you have any questions about this new naming scheme, please e-mail research at sourcefire.com, and we will address them as best we can.<div> </div><div>This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi. </div><div> </div><div>New rules in this release are identified as SIDs 100000196-100000198. These rules detect a directory traversal attack against the Qualcomm Worldmail server, ICMP messages with invalid codes, and scans performed by an NTP-based OS fingerprinting tool. </div><div> </div><div>Sourcefire would like to thank rmkml for submitting these rules. As a reminder, anyone who wishes to submit rules may do so at http://www.snort.org/reg-bin/rulesubmit.cgi. </div><div> </div><div>A list of new rules and their SIDs follows. </div><div>100000196 COMMUNITY IMAP Qualcomm WorldMail SELECT dot dot attempt </div><div>100000197 COMMUNITY ICMP undefined code </div><div>100000198 COMMUNITY MISC Ntp fingerprint detect</div><div> </div><div>Alex Kirk </div><div>Community Rules Maintainer </div><div>Sourcefire, Inc. </div> Alex Kirk (Sourcefire) December 07, 2005 22:34:21 http://www.snort.org/pub-bin/snortnews.cgi#168 <p>Announced today, a new Security website has been launched focused on Wireless Vulernabilities. <a href="http://www.wirelessVE.org">http://www.wirelessVE.org </a> is focused on access to Wireless networks and the vulnerabilities related to wireless networks. </p><p>One of the board members actually happens to be Andrew Lockhart, who, many of our readers may know, is the author of Snort-Wireless, an open source project adding wireless intrusion detection to Snort. </p><p>Check it out!</p> Joel Esler (Sourcefire) December 05, 2005 14:49:31 http://www.snort.org/pub-bin/snortnews.cgi#167 <p>As a thank you for your continued support, Sourcefire would like to wish the Snort community a happy holiday season. We are pleased to extend a 50% discount for annual subscriptions to the Sourcefire VRT Certified Rules. </p> <p>Promotion Details: Use the code "50ink" to receive 50% off an annual subscription to the Sourcefire VRT Certified Rules. This offer is not valid with any other promotion and is only available through December 31st, 2005. </p> <p>More information on Sourcefire subscriptions can be found <a href="http://www.snort.org/rules/why_subscribe.html" target="_blank">here</a>. </p><p><a target="_self" href="https://www.snort.org/reg-bin/subscribe.cgi">Purchase now</a> Questions? <a target="_self" href="mailto:snort-sub@sourcefire.com">E-mail Us</a>.</p> Jennifer Talcott (Sourcefire) December 05, 2005 11:51:08 http://www.snort.org/pub-bin/snortnews.cgi#166 From Georg 'oxff' Wicherski, mwcollect Head Developer...<br /> <br /> The Honeynet Project is proud to announce the release of mwcollect v3.0.1 which contains some minor bug fixes, two new shellcode parsers and most importantly support for the Prelude IDS Aggregator.<br /> <br /> mwcollect is a UNIX daemon dedicated to collecting in-the-wild malware spreading using known exploits. Download it <a target="_blank" href="http://download.mwcollect.org/">here</a> as usual, see the included README file for installation instructions.<br /> <br /> There is no changelog for this update, review the Subversion Log available under <br /> <a target="_blank" href="http://www.mwcollect.org/log/mwcollect3/tags/mwcollect-3.0.1">http://www.mwcollect.org/log/mwcollect3/tags/mwcollect-3.0.1</a> for details.<br /> <br /> Big thanks to the <a target="_blank" href="http://www.mwcollect.org/">mwcollect</a> project. Jennifer Steffens (Sourcefire) December 04, 2005 19:58:17 http://www.snort.org/pub-bin/snortnews.cgi#164 I just wanted to give everyone a final reminder that our first meeting will be held Tuesday December 6th. Information is on our web site at <a href="http://www.kcsnort.org">http://www.kcsnort.org</a>. Please <a href="http://www.snort.org/registrations/rsvp.html"> RSVP</a> if you want to attend. Russ Starr December 04, 2005 14:44:41 http://www.snort.org/pub-bin/snortnews.cgi#165 An interesting article at SecurityFocus discusses a couple of IDS evasion techniques from years past and encourages veryone to use frag3properly...Read the full article <a target="_blank" href="http://www.securityfocus.com/infocus/1852">here</a>. <br /> <br /> For more information, read the <a target="_blank" href="http://www.snort.org/reg/docs/target_based_frag.pdf">Frag3 Development Paper</a> by Judy Novak, Sourcefire VRT.<br /> Nigel Houghton (Sourcefire) December 04, 2005 14:43:40 http://www.snort.org/pub-bin/snortnews.cgi#163 Snort was named in a recent TechRepublic Case study: "How much does unwanted Internet traffic really cost an organization?" Jonathan Yarden's details how he went about gathering this information, and shows how unwanted traffic affects his organization's bottom line. This is an interesting use for Snort but ultimately Yarden states "...like many other Internet problems, the best solution to dealing with junk Internet traffic is to do nothing at all."<br /> <br /> Read the full case study <a href="http://techrepublic.com.com/5100-1009-5967393.html#" target="_blank">here</a>. Jennifer Steffens (Sourcefire) December 03, 2005 18:14:26 http://www.snort.org/pub-bin/snortnews.cgi#161 <p>Come meet members of the Snort team at the LISA (Large Installation Systems Administration) Conference Expo on December 7th and 8th in San Diego! We will be located in booth #38 in the conference’s .org pavilion. The Sguil project will be joining us in our booth as well, so come on out to San Diego for some sun and great Snort conversation!</p> <p>The Snort team will also be hosting a Birds of a Feather session on December 6th from 7-8 pm in the Ascot room. Nigel Houghton from the Sourcefire VRT will be discussing all sorts of fun things you can do with Snort rules.</p> <p>Register <a href="http://www.usenix.org/events/lisa05/registration/">here</a> for the conference! For more information on the event, visit <a href="http://www.usenix.org/events/lisa05/">http://www.usenix.org/events/lisa05/</a>. </p> Jennifer Talcott (Sourcefire) December 01, 2005 15:32:06 http://www.snort.org/pub-bin/snortnews.cgi#160 <p>Next week, Gartner will be hosting a new 2-day conference focusing on Open Source technology. The event will take place from December 7-9 at the JW Marriott Grande Lakes in Orlando, and will discuss the challenges that open source software introduces into modern mainstream IT organizations, offering suggestions on how to most effectively manage open source as an integral element of long term IT strategies.</p> <p><a href="https://www.gartner.com/EvReg/evRegister?EvCd=APN15">Register now</a> for this event.</p> <p>Further information about this conference can be found <a href="http://www.gartner.com/2_events/conferences/os1_section.jsp">here</a>. </p> Jennifer Talcott (Sourcefire) December 01, 2005 15:30:07 http://www.snort.org/pub-bin/snortnews.cgi#159 <p>The Irvine Underground will be hosting a video conference interview with Snort lead developer, Marc Norton. All are welcome to attend. If you can not make it to the meeting but would like to have a question answered by Marc, please send your question to daman at irvineunderground.<br /> <br /> Details:<br /> When: December 9th 2005<br /> Where: 14141 Jeffrey Road<br /> Irvine, CA. 92620</p><p>For more details about the Irvine Underground, visit their <a target="_blank" href="http://www.irvineunderground.org/index.php">web site</a>. </p> Jennifer Steffens (Sourcefire) November 29, 2005 15:20:44