ashemery / CuckooVM

Cuckoo running in a nested hypervisor

snort rules (2015) - websnort #7

Open icurnet opened 4 years ago

icurnet commented 4 years ago

The snort rules: /etc/snort/rules are circa 2015

websnort does not indicate how 'old' the snort rules are that a user is relying on for detection. I realize you do not develop this tool, etc. Snort users, like myself, look at these first thing when using snort... others may not and rely on old rules, etc.

```
dav1d@tsurugi:~/Desktop$ ls /etc/snort/rules/ -alhr
total 1.6M
-rw-r--r-- 1 root root 1.5K Jun 30  2015 x11.rules
-rw-r--r-- 1 root root  36K Jun 30  2015 web-php.rules
-rw-r--r-- 1 root root  96K Jun 30  2015 web-misc.rules
-rw-r--r-- 1 root root  40K Jun 30  2015 web-iis.rules
-rw-r--r-- 1 root root  11K Jun 30  2015 web-frontpage.rules
-rw-r--r-- 1 root root 9.8K Jun 30  2015 web-coldfusion.rules
-rw-r--r-- 1 root root  11K Jun 30  2015 web-client.rules
-rw-r--r-- 1 root root 101K Jun 30  2015 web-cgi.rules
-rw-r--r-- 1 root root  11K Jun 30  2015 web-attacks.rules
-rw-r--r-- 1 root root 2.1K Jun 30  2015 virus.rules
-rw-r--r-- 1 root root 3.4K Jun 30  2015 tftp.rules
-rw-r--r-- 1 root root 5.0K Jun 30  2015 telnet.rules
-rw-r--r-- 1 root root  18K Jun 30  2015 sql.rules
-rw-r--r-- 1 root root 5.7K Jun 30  2015 snmp.rules
-rw-r--r-- 1 root root  24K Jun 30  2015 smtp.rules
-rw-r--r-- 1 root root 9.7K Jun 30  2015 shellcode.rules
-rw-r--r-- 1 root root 4.9K Jun 30  2015 scan.rules
-rw-r--r-- 1 root root 3.7K Jun 30  2015 rservices.rules
-rw-r--r-- 1 root root  52K Jun 30  2015 rpc.rules
-rw-r--r-- 1 root root 5.8K Jun 30  2015 porn.rules
-rw-r--r-- 1 root root 9.4K Jun 30  2015 pop3.rules
-rw-r--r-- 1 root root 2.1K Jun 30  2015 pop2.rules
-rw-r--r-- 1 root root 6.1K Jun 30  2015 policy.rules
-rw-r--r-- 1 root root 5.0K Jun 30  2015 p2p.rules
-rw-r--r-- 1 root root 2.2K Jun 30  2015 other-ids.rules
-rw-r--r-- 1 root root 174K Jun 30  2015 oracle.rules
-rw-r--r-- 1 root root 4.7K Jun 30  2015 nntp.rules
-rw-r--r-- 1 root root 278K Jun 30  2015 netbios.rules
-rw-r--r-- 1 root root 1.9K Jun 30  2015 mysql.rules
-rw-r--r-- 1 root root 3.7K Jun 30  2015 multimedia.rules
-rw-r--r-- 1 root root  19K Jun 30  2015 misc.rules
-rw-r--r-- 1 root root  199 Jun 30  2015 local.rules
-rw-r--r-- 1 root root 3.3K Jun 30  2015 info.rules
-rw-r--r-- 1 root root  14K Jun 30  2015 imap.rules
-rw-r--r-- 1 root root 5.3K Jun 30  2015 icmp.rules
-rw-r--r-- 1 root root  17K Jun 30  2015 icmp-info.rules
-rw-r--r-- 1 root root  22K Jun 30  2015 ftp.rules
-rw-r--r-- 1 root root 4.2K Jun 30  2015 finger.rules
-rw-r--r-- 1 root root  31K Jun 30  2015 exploit.rules
-rw-r--r-- 1 root root 1.4K Jun 30  2015 experimental.rules
-rw-r--r-- 1 root root 6.2K Jun 30  2015 dos.rules
-rw-r--r-- 1 root root 6.6K Jun 30  2015 dns.rules
-rw-r--r-- 1 root root  63K Jun 30  2015 deleted.rules
-rw-r--r-- 1 root root 7.5K Jun 30  2015 ddos.rules
-rw-r--r-- 1 root root 160K Jun 30  2015 community-web-php.rules
-rw-r--r-- 1 root root  68K Jun 30  2015 community-web-misc.rules
-rw-r--r-- 1 root root 1.5K Jun 30  2015 community-web-iis.rules
-rw-r--r-- 1 root root  254 Jun 30  2015 community-web-dos.rules
-rw-r--r-- 1 root root 4.5K Jun 30  2015 community-web-client.rules
-rw-r--r-- 1 root root 5.1K Jun 30  2015 community-web-cgi.rules
-rw-r--r-- 1 root root 2.4K Jun 30  2015 community-web-attacks.rules
-rw-r--r-- 1 root root 3.7K Jun 30  2015 community-virus.rules
-rw-r--r-- 1 root root 4.0K Jun 30  2015 community-sql-injection.rules
-rw-r--r-- 1 root root 2.7K Jun 30  2015 community-smtp.rules
-rw-r--r-- 1 root root 3.5K Jun 30  2015 community-sip.rules
-rw-r--r-- 1 root root 1.6K Jun 30  2015 community-policy.rules
-rw-r--r-- 1 root root  775 Jun 30  2015 community-oracle.rules
-rw-r--r-- 1 root root  621 Jun 30  2015 community-nntp.rules
-rw-r--r-- 1 root root 7.7K Jun 30  2015 community-misc.rules
-rw-r--r-- 1 root root  257 Jun 30  2015 community-mail-client.rules
-rw-r--r-- 1 root root  948 Jun 30  2015 community-inappropriate.rules
-rw-r--r-- 1 root root 2.8K Jun 30  2015 community-imap.rules
-rw-r--r-- 1 root root  689 Jun 30  2015 community-icmp.rules
-rw-r--r-- 1 root root 1.4K Jun 30  2015 community-game.rules
-rw-r--r-- 1 root root  249 Jun 30  2015 community-ftp.rules
-rw-r--r-- 1 root root 2.2K Jun 30  2015 community-exploit.rules
-rw-r--r-- 1 root root 2.0K Jun 30  2015 community-dos.rules
-rw-r--r-- 1 root root 1.2K Jun 30  2015 community-deleted.rules
-rw-r--r-- 1 root root  13K Jun 30  2015 community-bot.rules
-rw-r--r-- 1 root root 7.9K Jun 30  2015 chat.rules
-rw-r--r-- 1 root root 3.8K Jun 30  2015 bad-traffic.rules
-rw-r--r-- 1 root root  18K Jun 30  2015 backdoor.rules
-rw-r--r-- 1 root root 5.4K Jun 30  2015 attack-responses.rules
drwxr-xr-x 3 root root 4.0K May  1 08:28 ..
drwxr-xr-x 2 root root 4.0K May 15  2018 .
```

David
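The point of the report above is that nothing on the system tells the analyst how stale the ruleset is. As an added example (not code from the CuckooVM project or from either commenter), the following POSIX shell check reports the age of the newest `*.rules` file in a rules directory and fails when it exceeds a threshold, so it can run from a login script or a cron job before websnort is used. It assumes GNU coreutils (`stat -c %Y`, `date +%s`) as shipped on Debian/Ubuntu-based distributions; the directory path, the day limit and the optional fixed "now" timestamp are arguments chosen here, not anything websnort or Snort provides.

```shell
#!/bin/sh
# Added example: flag a Snort rules directory whose newest *.rules file is older
# than an allowed number of days. Uses file mtimes only, which is a proxy for
# rule currency (see the note below the block). Assumes GNU coreutils.

# Print the epoch mtime of the newest *.rules file under $1.
# Returns 1 if the directory holds no rule files.
rules_newest_mtime() {
    dir=$1
    newest=0
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue          # unmatched glob stays literal; skip it
        m=$(stat -c %Y "$f") || return 1
        [ "$m" -gt "$newest" ] && newest=$m
    done
    [ "$newest" -gt 0 ] || return 1
    echo "$newest"
}

# Print the whole days between "now" and the newest rule file in $1.
# $2 (epoch seconds) overrides "now" so the check is reproducible in tests.
rules_age_days() {
    now=${2:-$(date +%s)}
    m=$(rules_newest_mtime "$1") || return 1
    echo $(( (now - m) / 86400 ))
}

# check_rules_age DIR MAX_DAYS [NOW]
# exit 0 when the newest rule file is within MAX_DAYS, 1 when stale, 2 when no rules
check_rules_age() {
    dir=$1
    max_days=$2
    now=$3
    age=$(rules_age_days "$dir" "$now") || {
        echo "no .rules files found in $dir" >&2
        return 2
    }
    if [ "$age" -gt "$max_days" ]; then
        echo "STALE: newest rule file in $dir is $age days old (limit $max_days)" >&2
        return 1
    fi
    echo "OK: newest rule file in $dir is $age days old (limit $max_days)"
    return 0
}

# Stand-alone use: ./rules_age.sh /etc/snort/rules 30
if [ $# -gt 0 ]; then
    check_rules_age "$1" "${2:-30}"
fi
```

The mtime is only a proxy: a package reinstall or a `cp` without `-p` rewrites timestamps without changing a single signature, so a passing check says the files were touched recently, not that the rules are current. On a system where rules are refreshed by a tool such as pulledpork, the check is still useful as a watchdog for the update job having silently stopped.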

ashemery commented 4 years ago

Thanks for reporting this David. I never used the rules on the system, but maybe we need to update them with other community rules.

icurnet commented 4 years ago

Look into a tool called pulledpork: the end user obtains an API key and the tool from snort.org (free), then running that tool pulls down current rulesets, or users can manually d/l and update the rules. Doug Burks' Security Onion uses pulledpork for ref, et al. GL, David.