
LugOB courses and conferences

Hi everyone,

we would like to point out this interesting initiative:


link: http://www.lugob.org/

The snortattack TEAM will be there this evening!

Stay Tuned

 

Camerino, 08-09 May 2009

Hi everyone,

the snortattack team will take part in the Camerino 2009 event:

link: http://www.camelug.it/

link: http://securitydate.org/

Stay Tuned!

Snortattack TEAM!

 

SNORT binary 2.8.4

The SNORT Team has released SNORT 2.8.4, and the Snortattack Team is releasing the matching static binaries:

http://www.snortattack.it/static/snort-2.8.4.flex2_static.gz

http://www.snortattack.it/static/snort-inline-2.8.4.static.gz

 

Release notes:

2009-04-07 - Snort 2.8.4

[*] New Additions
    * Revised DCE/RPC preprocessor to provide new rule options,
      additional SMB command support, and updated defragmentation
      models

    * Support for IPv6 with Frag3 and all application preprocessors
      (SMTP, FTP/Telnet, DCE/RPC, SSL, DNS, Portscan)

    * Improved target-based support within application preprocessors

    * Addition to automatically pre-filter traffic that is not
      explicitly configured for inspection to improve performance.

    * HttpInspect update to limit number of HTTP Header fields and
      alert if limit is reached.

    * Support for multiple IP Addresses and/or CIDRs in HTTP Inspect
      and FTP/Telnet Server/Client specific configurations

[*] Improvements
    * Update to allow rules with only negated content

Stay TUNED!

Snortattack TEAM!

 


SNORT 2.8.4 react

To make react redirect the client to another website, edit the file sp_react.c:

at line 306, change the tmp_buf1[] variable to

HTTP/1.1 302 FOUND\r\nLocation:http://google.com\r\nServer: Snort/2.8.3.2\r\nConnection:Close\r\nContent-Type: text/html\r\n\r\n

*google.com is the address the client is redirected to.

 

Example rule:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"REACT RULES";flow: to_server,established;content:"example.com";classtype: policy-violation;sid:9999; react: block, msg ;)

*example.com is the website to block.
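A hard-coded response with a missing CRLF or blank line will not be followed by the browser, so it is worth checking the string before compiling it into tmp_buf1[]. The following is an added example, not code from Snort or from the Snortattack team; check_redirect_response() is a hypothetical helper, and the sample is the response string given above.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The 302 response from the text, written as a C string literal. */
static const char sample_redirect[] =
    "HTTP/1.1 302 FOUND\r\nLocation:http://google.com\r\n"
    "Server: Snort/2.8.3.2\r\nConnection:Close\r\n"
    "Content-Type: text/html\r\n\r\n";

/* Hypothetical helper, not part of Snort. Returns 0 when buf is a
 * well-formed 3xx response with an absolute Location, else a negative
 * code: -1 bad status line, -2 not a 3xx, -3 missing CRLF or blank line,
 * -4 malformed line, -5 Location not http(s), -6 no Location header. */
int check_redirect_response(const char *buf)
{
    const char *line, *eol, *colon, *v;
    int status = 0, have_location = 0;

    if (sscanf(buf, "HTTP/1.%*1[01] %3d", &status) != 1) return -1;
    if (status < 300 || status > 399) return -2;
    eol = strstr(buf, "\r\n");
    if (!eol) return -3;
    if (memchr(buf, '\n', (size_t)(eol - buf))) return -4;  /* bare LF */

    for (line = eol + 2; ; line = eol + 2) {
        eol = strstr(line, "\r\n");
        if (!eol) return -3;             /* header block never terminated */
        if (eol == line) break;          /* blank line ends the headers */
        if (memchr(line, '\n', (size_t)(eol - line))) return -4;
        colon = memchr(line, ':', (size_t)(eol - line));
        if (!colon || colon == line) return -4;   /* not "Name:value" */
        if (colon - line == 8 && strncasecmp(line, "Location", 8) == 0) {
            v = colon + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (strncmp(v, "http://", 7) && strncmp(v, "https://", 8))
                return -5;
            have_location = 1;
        }
    }
    return have_location ? 0 : -6;
}

int main(void)
{
    printf("sample_redirect -> %d\n", check_redirect_response(sample_redirect));
    return 0;
}
```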

 

Enjoy

Snortattack TEAM!