Meetings
The next meeting of the NYC Snort User Group is under development. If you are interested in presenting or speaking, please contact mo@ciphertechs.com
Twitter
You can now follow this group on Twitter at twitter.com/nycsnort
IMPORTANT Rule Download Change
June 29th, 2010 under VRT by jonbaer [ Comments: none ]

According to the VRT blog:

Today the Snort Web Team made a change to the way that Snort rules are downloaded from snort.org. Hopefully this will result in faster downloads for most people. The main thing to note though is that the actual file download links have changed.

First, there is no longer any need to add an “_s” to the rule file in order to get the subscriber pack. Second, the link to the file itself has changed:

Old Link:

http://dl.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz?oink_code=

New Link:

http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/

You should update your PulledPork and Oinkmaster installations to reflect these changes.
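The script below is an added example and is not part of the VRT post, PulledPork or Oinkmaster. It builds both URL forms from a Snort version string, rewrites an old-style link into the new one so a stored rule URL can be migrated, and checks a downloaded snapshot against its .md5 sidecar before it is unpacked. Assumptions, labelled in the code: the oinkcode goes after the trailing slash of the new link, the snapshot name is the Snort version with the dots removed (2.8.6.0 becomes 2860), and snort.org publishes a `<file>.md5` next to each tarball.

```shell
#!/bin/sh
# Added example (not from the VRT post): build, migrate and verify snort.org
# rule-snapshot URLs. All naming conventions below are assumptions for
# illustration, not documented snort.org behaviour.

# snort_version_tag 2.8.6.0 -> 2860 (assumption: dots dropped, nothing else)
snort_version_tag() {
    printf '%s' "$1" | tr -d '.'
}

# Old scheme: oinkcode in the query string; "_s" suffix selected the subscriber pack.
# $1 version, $2 oinkcode, $3 "subscriber" or empty
old_rule_url() {
    tag=$(snort_version_tag "$1")
    suffix=""
    [ "$3" = "subscriber" ] && suffix="_s"
    printf 'http://dl.snort.org/reg-rules/snortrules-snapshot-%s%s.tar.gz?oink_code=%s' "$tag" "$suffix" "$2"
}

# New scheme: no "_s"; the oinkcode alone decides which pack is served.
# Assumption: the code is appended after the trailing slash of the new link.
# $1 version, $2 oinkcode
new_rule_url() {
    tag=$(snort_version_tag "$1")
    printf 'http://www.snort.org/reg-rules/snortrules-snapshot-%s.tar.gz/%s' "$tag" "$2"
}

# Rewrite an old-style URL (as stored in a PulledPork or Oinkmaster config)
# into the new form, dropping any "_s" subscriber suffix.
# $1 old URL
migrate_rule_url() {
    oink=${1##*oink_code=}
    file=${1##*/}
    file=${file%%\?*}
    file=$(printf '%s' "$file" | sed 's/_s\.tar\.gz$/.tar.gz/')
    printf 'http://www.snort.org/reg-rules/%s/%s' "$file" "$oink"
}

# Verify a downloaded snapshot against its .md5 sidecar before unpacking it.
# Assumption: a "<hash>  <file>" line lives in <file>.md5 beside the tarball.
# $1 path to the tarball; returns non-zero on mismatch or missing sidecar
verify_snapshot() {
    dir=$(dirname "$1")
    base=$(basename "$1")
    ( cd "$dir" && md5sum -c "$base.md5" >/dev/null 2>&1 )
}
```

Whichever tool fetches the rules, the oinkcode still travels in the URL, so proxy and web-server logs that record request paths should be treated as containing a credential.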


Solera Networks partners with Sourcefire
June 22nd, 2010 under Sourcefire by jonbaer [ Comments: none ]

Solera Networks, a leading network forensics products and services company today announced its partnership with Sourcefire, Inc. (Nasdaq:FIRE), the creators of SNORT® and a leader in intelligent Cybersecurity solutions. Solera Networks can now integrate its award-winning network forensics technology directly into Sourcefire’s event analysis. The integration enhances Sourcefire’s packet analysis functionality to include full session capture, which provides detailed forensics for any security event. The partnership enables swift incident response to any security event and provides full detail in the interest of understanding “what happened before and after a security event?”

http://www.soleranetworks.com/news/solera-networks-and-sourcefire-announce-partnership/

http://taosecurity.blogspot.com/2010/06/all-aboard-nsm-train.html


National Cyber-Security Emergency and Phenomenal Cosmic Power
June 15th, 2010 under Notes, Articles by jonbaer [ Comments: none ]

Matt Olney (of Sourcefire VRT) has read through and analyzed the “Protecting Cyberspace as a National Asset Act of 2010” (pdf), a 199 page piece of legislation introduced by Senator Lieberman (I-CT) along with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). It is an excellent review of the bill.

Click here to read his entire post


Snorby VMware Appliance (Cryptolife)
June 14th, 2010 under Tools, Releases by jonbaer [ Comments: none ]

The Snorby virtual appliance provides a preconfigured, out-of-the-box Snorby front-end for Snort, the popular intrusion detection system. The Snorby interface is developed by Dustin Webber. The appliance is intended for security professionals with in-depth knowledge of intrusion detection and security monitoring, but beginners can also use it to learn about intrusion detection and network security.

Click here for notes and download


Project Razorback™ (formerly known as Near Real-Time Detection)
June 14th, 2010 under Articles, Sourcefire, Tools, White papers by jonbaer [ Comments: none ]

Near Real-Time Detection (Razorback) is the result of extensive research into detection of attacks hidden inside numerous layers of compression, obfuscation, and evasion techniques across multiple file formats. Razorback in its current form is a plugin to the Snort detection engine. Razorback addresses the issues with file format parsing by separating selected file types from transmitted data, which are then passed to additional detection engines either on local or distributed remote system(s). The intention is for the system to be extensible and not necessarily be a plugin for Snort.


Future development plans include providing Snort with automatic detection rule updates that an IPS deployment of Snort can use to protect the private network along with further enhancements aimed at data leak prevention. The system will also use templates to describe file types and a simple rule language to detect attacks.

Click here for code and presentation


Snort Performance Tuning Webcast - Nov 9th @ 10AM EST
November 3rd, 2009 under Presentations, Sourcefire, Webinars by jonbaer [ Comments: 2 ]

Hi Snort® User,

On behalf of the Snort Team at Sourcefire, I’d like to invite you to attend the next session of the Snort Users Webinar Series.

In this webinar, Steve Sturges, Snort development team manager, will discuss Snort Performance Tuning – Rules and Preprocessors.

This discussion will focus on guidelines for tuning Snort based on performance statistics from rule and preprocessor profiling and the perfmon preprocessor. It is intended to help Snort administrators when tuning and troubleshooting performance issues. The discussion may also be useful to Snort rule writers for measuring the potential performance impact of their rules.

Webinar details:

Date: November 9, 2009
Time: 10:00 AM US Eastern Standard Time (GMT -5:00)

To register for this webinar visit: https://sourcefire.webex.com/sourcefire/onstage/g.php?t=a&d=792341054

As always this session will be recorded and posted on Snort.org for future use.

I hope you can join us.

Regards,
Mike

Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman@sourcefire.com


NYC Snort User Group Meeting
October 19th, 2009 under Meetings by mo [ Comments: 1 ]

I’ve had some calls about holding another Snort User Group meeting soon.  If you are interested shoot me an email at mo@ciphertechs.com


Vulnerability Report August 2009
August 18th, 2009 under Presentations, Sourcefire, Webcasts by jonbaer [ Comments: none ]


Rule Performance Part I : Content Matches
July 12th, 2009 under Articles by jonbaer [ Comments: 1 ]

One of the many things that occupy the time of the VRT is reviewing rule performance data, whether that data is internally generated from one of our test environments or received from customer reports. In the “Rule Performance” series of blog posts, we’ll look at the set of issues that encompass the problematic rule constructs that we’ve found most significantly impact the performance of Snort sensors. Hopefully you can use this information to add additional detection capability customized to your environment without adding undue processing load.

Read more @ http://vrt-sourcefire.blogspot.com
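An added example tying this post to the Performance Tuning webcast above; it is not code from the VRT or from Sourcefire. The first part is the snort.conf fragment that turns on the rule and preprocessor profiling and the perfmon preprocessor the webcast covers; the second is a constructed pair of local rules showing the content-match point of this post: a rule with no content match gives the fast-pattern matcher nothing to prefilter on, so its pcre runs against every packet that matches the header, while the same detection anchored on a content match with fast_pattern only pays for the pcre on packets that already contain the literal. Rule profiling requires a Snort build configured with --enable-perfprofiling. The sids, file paths and rule bodies are assumptions for illustration.

```conf
# --- snort.conf fragment: measure before tuning (added example) ---
# Rule profiling: the 10 rules with the highest average ticks per check,
# printed when Snort exits. Only available with --enable-perfprofiling.
config profile_rules: print 10, sort avg_ticks
# Preprocessor profiling: every preprocessor, ordered by total ticks.
config profile_preprocs: print all, sort total_ticks
# perfmon preprocessor: one stats line every 300 s, checked at least every
# 10000 packets. Path is an assumption.
preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000

# --- local.rules (constructed for this example; sids are assumptions) ---
# Costly: no content match, so the fast-pattern matcher cannot prefilter and
# the pcre is evaluated on every established client->server packet to port 80.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE pcre-only lookup"; \
    flow:to_server,established; \
    pcre:"/\/cgi-bin\/[a-z]+\.cgi\?id=\d{5,}/i"; \
    classtype:web-application-attack; sid:1000001; rev:1;)

# Cheaper: the least common literal is the fast pattern, so the pcre only
# runs on the few packets whose normalized URI already contains it.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"EXAMPLE content-anchored lookup"; \
    flow:to_server,established; \
    content:"/cgi-bin/"; http_uri; \
    content:".cgi?id="; http_uri; fast_pattern; \
    pcre:"/\/cgi-bin\/[a-z]+\.cgi\?id=\d{5,}/iU"; \
    classtype:web-application-attack; sid:1000002; rev:1;)
```

Sorting by avg_ticks surfaces rules that are expensive each time they are checked; sorting by total_ticks surfaces the ones that cost the most overall because they are checked often. Profiling itself adds overhead, so turn it on for a measurement window rather than leaving it in a production configuration.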


Intro to ClamAV (Screencast)
June 11th, 2009 under Presentations, Sourcefire, Webcasts by jonbaer [ Comments: 1 ]

Clam AntiVirus (ClamAV) is a free, cross-platform antivirus software tool-kit capable of detecting many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third-party versions available for AIX, BSD, HP-UX, Linux, Mac OS X, OpenVMS, OSF and Solaris. At one time it had a native version available for Windows, but that project has ended.

Both ClamAV and its updates are made available free of charge.

Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers.

Below are 6 screencasts by Tomasz Kojm discussing an overview of ClamAV, its architecture, deployment and installation, detection mechanisms, and troubleshooting.

Part I - http://www.youtube.com/watch?v=hqitIW_XgGI

Part II - http://www.youtube.com/watch?v=YWowwh_32cA

Part III - http://www.youtube.com/watch?v=jElBFo07y5I

Part IV - http://www.youtube.com/watch?v=wMjMoMcu_4c

Part V - http://www.youtube.com/watch?v=tJvn9AquL6g

Part VI - http://www.youtube.com/watch?v=WX2Xdh3KghU



About NY-SUG
The New York Snort User Group currently meets on a monthly basis at CipherTechs in downtown New York City to openly discuss network security with a focus on the open source IDS Snort. If you are interested in joining us, please sign up to the mailing list.