This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NO IPS update!?

Hi!

i didn recive any update in last 2 months.

Snort update 2 / 7

New Rules 12-12-2013: Snort :: Changes 2013-12-12

* 1:28907  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28908  ENABLED  SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
* 1:28905  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28903  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28902  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28899  ENABLED  FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28894  ENABLED  FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28896  ENABLED  FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules)
* 1:28897  ENABLED  FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28900  ENABLED  FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules)
* 1:28901  ENABLED  FILE-IDENTIFY eSignal .ets file download request (file-identify.rules)
* 1:28895  ENABLED  FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules)
* 1:28898  ENABLED  FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules)
* 1:28912  DISABLED  SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt (server-webapp.rules)
* 1:28911  ENABLED  EXPLOIT-KIT Neutrino exploit kit initial outbound request - generic detection (exploit-kit.rules)
* 1:28910  DISABLED  SERVER-WEBAPP mcRefer install.php arbitrary PHP code injection attempt (server-webapp.rules)
* 1:28909  DISABLED  SERVER-WEBAPP OTManager ADM_Pagina.php remote file include attempt (server-webapp.rules)
Modified Rules:

* 1:28496  ENABLED  BROWSER-IE Microsoft Internet Explorer createRange user after free attempt (browser-ie.rules)
* 1:28893  DISABLED  BROWSER-OTHER known revoked certificate for Tresor CA (browser-other.rules)
* 1:20843  ENABLED  FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)

This thread was automatically locked due to age.

0 BarryG over 11 years ago

Hi,

Please post the output of 'version' from the command line.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 11 years ago

Also see https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/29117

If the same problem; please post there.

Barry
Cancel
Vote Up 0 Vote Down

Cancel