New Snort.org Website
As many of you know the Snort project recently reached its 10th Anniversary. In honor of this milestone we’re giving Snort a new website to call home. This site update is much more than just a new look and feel. We’re rebuilding the site from the ground up to better serve the nee
Microsoft Tuesday Coverage for April MS09-009, MS09-010, MS09-011, MS09-012, MS09-013, MS09-014, MS09-015, MS09-016
Microsoft Security Advisory MS09-009: A programming error in Microsoft Excel may allow a remote attacker to execute code on a vulnerable system via a specially crafted XLS file. A rule to detect attacks targeting this vulnerability is included in this release and is identified w
Rule release for today - April 10th 2009
Rule for PowerPoint memory corruption bug, CVE-2009-0556, extra rule for MS08-068 and Conficker detection update. More details here: http://www.snort.org/vrt/advisories/vrt-rules-2009-04-10.html
Updating Software
Things to remember when updating software: * Back up what you already have * Use checklists * Read the documentation for the new software (including the INSTALL file and README); you never know what might have changed since the last time you did it * When install
Rule Release for today - April 8th 2009
This release updates the VRT Certified Snort Rules to utilize the new DCE/RPC v2 preprocessor. This change deletes more than 5000 rules in the netbios rule category and replaces them with a much smaller rule set. It also contains additional detection for hosts that are currently
Snort 2.8.4 is nigh
Back in February, I wrote about having to upgrade Snort pretty soon. Well, the time is upon us. This week, we will be releasing Snort 2.8.4. When this happens, the only way to stay current with detection for anything DCERPC related will be to upgrade Snort. We will not be releasi
Rule release for today - March 31st 2009
A few new rules in this release; here are the highlights: MySQL Denial of Service (CVE-2009-0819): A programming error in MySQL Server may allow a remote attacker to cause a Denial of Service (DoS) against a vulnerable machine. Mozilla Firefox XML Buffer Overflow: A programmi
Rule release for today - March 27th 2009
A couple of interesting vulnerabilities are covered in today's release; the first is for Microsoft Windows: Microsoft Windows GDI Buffer Overflow: A programming error in the Microsoft Windows kernel may allow a remote attacker to execute code with system level privileges. This may be
Geographic Representation of Snort Events
One of the Sourcefire field engineers has whipped up a Perl script that will take events generated by Snort or a Sourcefire appliance and map them using Google Earth. You can find a write up here at Leon's blog where he has an interesting example relating to worm activity.