This repository has been archived by the owner on Jul 13, 2021. It is now read-only.

snort rules (2015) - websnort #7

Open
icurnet opened this issue May 1, 2020 · 2 comments

@icurnet
icurnet commented May 1, 2020

The snort rules: /etc/snort/rules are circa 2015

websnort does not indicate how 'old' the snort rules are that a user is relying on for detection. I realize you do not develop this tool, etc. Snort users, like myself, look at these first thing when using snort; others may not, and rely on old rules, etc.

dav1d@tsurugi:~/Desktop$ ls /etc/snort/rules/ -alhr
total 1.6M
-rw-r--r-- 1 root root 1.5K Jun 30 2015 x11.rules
-rw-r--r-- 1 root root 36K Jun 30 2015 web-php.rules
-rw-r--r-- 1 root root 96K Jun 30 2015 web-misc.rules
-rw-r--r-- 1 root root 40K Jun 30 2015 web-iis.rules
-rw-r--r-- 1 root root 11K Jun 30 2015 web-frontpage.rules
-rw-r--r-- 1 root root 9.8K Jun 30 2015 web-coldfusion.rules
-rw-r--r-- 1 root root 11K Jun 30 2015 web-client.rules
-rw-r--r-- 1 root root 101K Jun 30 2015 web-cgi.rules
-rw-r--r-- 1 root root 11K Jun 30 2015 web-attacks.rules
-rw-r--r-- 1 root root 2.1K Jun 30 2015 virus.rules
-rw-r--r-- 1 root root 3.4K Jun 30 2015 tftp.rules
-rw-r--r-- 1 root root 5.0K Jun 30 2015 telnet.rules
-rw-r--r-- 1 root root 18K Jun 30 2015 sql.rules
-rw-r--r-- 1 root root 5.7K Jun 30 2015 snmp.rules
-rw-r--r-- 1 root root 24K Jun 30 2015 smtp.rules
-rw-r--r-- 1 root root 9.7K Jun 30 2015 shellcode.rules
-rw-r--r-- 1 root root 4.9K Jun 30 2015 scan.rules
-rw-r--r-- 1 root root 3.7K Jun 30 2015 rservices.rules
-rw-r--r-- 1 root root 52K Jun 30 2015 rpc.rules
-rw-r--r-- 1 root root 5.8K Jun 30 2015 porn.rules
-rw-r--r-- 1 root root 9.4K Jun 30 2015 pop3.rules
-rw-r--r-- 1 root root 2.1K Jun 30 2015 pop2.rules
-rw-r--r-- 1 root root 6.1K Jun 30 2015 policy.rules
-rw-r--r-- 1 root root 5.0K Jun 30 2015 p2p.rules
-rw-r--r-- 1 root root 2.2K Jun 30 2015 other-ids.rules
-rw-r--r-- 1 root root 174K Jun 30 2015 oracle.rules
-rw-r--r-- 1 root root 4.7K Jun 30 2015 nntp.rules
-rw-r--r-- 1 root root 278K Jun 30 2015 netbios.rules
-rw-r--r-- 1 root root 1.9K Jun 30 2015 mysql.rules
-rw-r--r-- 1 root root 3.7K Jun 30 2015 multimedia.rules
-rw-r--r-- 1 root root 19K Jun 30 2015 misc.rules
-rw-r--r-- 1 root root 199 Jun 30 2015 local.rules
-rw-r--r-- 1 root root 3.3K Jun 30 2015 info.rules
-rw-r--r-- 1 root root 14K Jun 30 2015 imap.rules
-rw-r--r-- 1 root root 5.3K Jun 30 2015 icmp.rules
-rw-r--r-- 1 root root 17K Jun 30 2015 icmp-info.rules
-rw-r--r-- 1 root root 22K Jun 30 2015 ftp.rules
-rw-r--r-- 1 root root 4.2K Jun 30 2015 finger.rules
-rw-r--r-- 1 root root 31K Jun 30 2015 exploit.rules
-rw-r--r-- 1 root root 1.4K Jun 30 2015 experimental.rules
-rw-r--r-- 1 root root 6.2K Jun 30 2015 dos.rules
-rw-r--r-- 1 root root 6.6K Jun 30 2015 dns.rules
-rw-r--r-- 1 root root 63K Jun 30 2015 deleted.rules
-rw-r--r-- 1 root root 7.5K Jun 30 2015 ddos.rules
-rw-r--r-- 1 root root 160K Jun 30 2015 community-web-php.rules
-rw-r--r-- 1 root root 68K Jun 30 2015 community-web-misc.rules
-rw-r--r-- 1 root root 1.5K Jun 30 2015 community-web-iis.rules
-rw-r--r-- 1 root root 254 Jun 30 2015 community-web-dos.rules
-rw-r--r-- 1 root root 4.5K Jun 30 2015 community-web-client.rules
-rw-r--r-- 1 root root 5.1K Jun 30 2015 community-web-cgi.rules
-rw-r--r-- 1 root root 2.4K Jun 30 2015 community-web-attacks.rules
-rw-r--r-- 1 root root 3.7K Jun 30 2015 community-virus.rules
-rw-r--r-- 1 root root 4.0K Jun 30 2015 community-sql-injection.rules
-rw-r--r-- 1 root root 2.7K Jun 30 2015 community-smtp.rules
-rw-r--r-- 1 root root 3.5K Jun 30 2015 community-sip.rules
-rw-r--r-- 1 root root 1.6K Jun 30 2015 community-policy.rules
-rw-r--r-- 1 root root 775 Jun 30 2015 community-oracle.rules
-rw-r--r-- 1 root root 621 Jun 30 2015 community-nntp.rules
-rw-r--r-- 1 root root 7.7K Jun 30 2015 community-misc.rules
-rw-r--r-- 1 root root 257 Jun 30 2015 community-mail-client.rules
-rw-r--r-- 1 root root 948 Jun 30 2015 community-inappropriate.rules
-rw-r--r-- 1 root root 2.8K Jun 30 2015 community-imap.rules
-rw-r--r-- 1 root root 689 Jun 30 2015 community-icmp.rules
-rw-r--r-- 1 root root 1.4K Jun 30 2015 community-game.rules
-rw-r--r-- 1 root root 249 Jun 30 2015 community-ftp.rules
-rw-r--r-- 1 root root 2.2K Jun 30 2015 community-exploit.rules
-rw-r--r-- 1 root root 2.0K Jun 30 2015 community-dos.rules
-rw-r--r-- 1 root root 1.2K Jun 30 2015 community-deleted.rules
-rw-r--r-- 1 root root 13K Jun 30 2015 community-bot.rules
-rw-r--r-- 1 root root 7.9K Jun 30 2015 chat.rules
-rw-r--r-- 1 root root 3.8K Jun 30 2015 bad-traffic.rules
-rw-r--r-- 1 root root 18K Jun 30 2015 backdoor.rules
-rw-r--r-- 1 root root 5.4K Jun 30 2015 attack-responses.rules
drwxr-xr-x 3 root root 4.0K May 1 08:28 ..
drwxr-xr-x 2 root root 4.0K May 15 2018 .

David
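As an added example (not code from websnort, and not posted by anyone in this thread): a small Python check that reports the age of each file in a Snort rules directory and flags the ruleset as stale when the newest file that actually contains rules is older than a threshold. Files with no rules (an empty local.rules, say) are listed but do not count towards freshness, so a recently touched placeholder cannot mask a 2015 ruleset. The path /etc/snort/rules is the one from the report above; the 90-day threshold and the sample files used in testing are assumptions.

```python
"""Report the age of Snort rule files so a stale ruleset is visible.

Added example, not part of websnort. Assumes Snort 2 style *.rules files
in a directory such as /etc/snort/rules (the path from the issue report).
"""
from __future__ import annotations

import sys
import time
from dataclasses import dataclass
from pathlib import Path

DEFAULT_RULES_DIR = "/etc/snort/rules"  # path reported in the issue
STALE_AFTER_DAYS = 90                    # assumed threshold; tune per site

# Snort 2 rule actions: a line whose first token is one of these is a rule header.
RULE_ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic"}


@dataclass
class RuleFile:
    path: str
    mtime: float       # seconds since the epoch, from the file's stat()
    rule_count: int    # number of rule headers found in the file


def count_rules(text: str) -> int:
    """Count rule headers in a .rules body; comments and blank lines are skipped."""
    count = 0
    for line in text.splitlines():
        tokens = line.strip().split(None, 1)
        if tokens and tokens[0] in RULE_ACTIONS:
            count += 1
    return count


def scan_rules_dir(rules_dir: str) -> list[RuleFile]:
    """Collect mtime and rule count for every *.rules file, sorted by name."""
    found = []
    for p in sorted(Path(rules_dir).glob("*.rules")):
        text = p.read_text(encoding="utf-8", errors="replace")
        found.append(RuleFile(str(p), p.stat().st_mtime, count_rules(text)))
    return found


def age_days(mtime: float, now: float) -> float:
    return (now - mtime) / 86400.0


def newest_age_days(files: list[RuleFile], now: float) -> float | None:
    """Age of the most recently modified file that contains at least one rule.

    Files with zero rules are ignored so an empty, recently touched file
    cannot make an old ruleset look fresh. None when no file has rules.
    """
    with_rules = [f for f in files if f.rule_count > 0]
    if not with_rules:
        return None
    return age_days(max(f.mtime for f in with_rules), now)


def ruleset_is_stale(files: list[RuleFile], now: float,
                     threshold_days: float = STALE_AFTER_DAYS) -> bool:
    """True when the newest real rule file is older than the threshold,
    or when there are no rules at all (nothing to detect with)."""
    newest = newest_age_days(files, now)
    return newest is None or newest > threshold_days


def format_report(files: list[RuleFile], now: float,
                  threshold_days: float = STALE_AFTER_DAYS) -> str:
    """One line per file (age, rule count, path) plus an overall verdict."""
    lines = [f"{age_days(f.mtime, now):7.0f}d  {f.rule_count:5d} rules  {f.path}"
             for f in files]
    status = "STALE" if ruleset_is_stale(files, now, threshold_days) else "ok"
    lines.append(f"ruleset status: {status} "
                 f"(threshold {threshold_days} days, {len(files)} files)")
    return "\n".join(lines)


if __name__ == "__main__":
    rules_dir = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_RULES_DIR
    now = time.time()
    files = scan_rules_dir(rules_dir)
    print(format_report(files, now))
    # Non-zero exit lets a cron job or a wrapper such as websnort's startup surface it.
    sys.exit(1 if ruleset_is_stale(files, now) else 0)
```

Run it as `python3 rule_age.py /etc/snort/rules`; against the listing above every real rule file would report an age of several years and the verdict would be STALE. The rule count is by Snort 2 header keywords, so a file of only comments or a placeholder local.rules counts as zero.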

@ashemery
Owner

Thanks for reporting this David. I never used the rules on the system, but maybe we need to update them with other community rules.

@icurnet
Author

icurnet commented May 11, 2020

Look into a tool called pulledpork: the end user obtains an API key and the tool from snort.org (free), then running that tool pulls down current rulesets, or users can manually d/l and update the rules. Doug Burks's Security Onion uses pulledpork, for ref, et al. GL, David.
