This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Version 8.306 updated and see new rules

i updated last night to 8.306 and now see many log entries in intrusion log they are 19780 which states logmein and 20212 and 20437 which is something to do with outlook or owa
i started disableing some of these since we do use is there a document i could see to show all the new snort tests added? or is this new ips more sensitive?

Also is there an updated list of all test for 8.306 i couldn't find these listed in lists below
Index of /lists

This thread was automatically locked due to age.

Parents

0 BarryG over 12 years ago

Hi Barry,

Many users have noticed that the IPS in v9 is detecting a lot of things that weren't detected in v8.

iirc, 8.306 has an update to the snort engine, and probably new rules as well, so it follows that it's more sensitive now as well.

The snort rules files are in
/var/sec/chroot-snort-2922-03/etc/snort/rules/
(on version 9; the path should be similar on v8)

Viewing them would show you the current (active) rulesets; 'sed' could be used to only show the SID and Description (msg) if desired.

Barry G
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 12 years ago

Hi Barry,

Many users have noticed that the IPS in v9 is detecting a lot of things that weren't detected in v8.

iirc, 8.306 has an update to the snort engine, and probably new rules as well, so it follows that it's more sensitive now as well.

The snort rules files are in
/var/sec/chroot-snort-2922-03/etc/snort/rules/
(on version 9; the path should be similar on v8)

Viewing them would show you the current (active) rulesets; 'sed' could be used to only show the SID and Description (msg) if desired.

Barry G
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data