IDS Ruleset - Mon Dec 14 10:28:15 GMT 2015

  • 1
  • Idea
  • Updated 2 years ago
Hello all,

We feel it is very important for all of our customers to be running the very latest version of LANGuardian for a variety of reasons. However one of the main reasons is that the older versions are not recieving  the IDS Ruleset updates. Only LANGuardian systems from 12.4 onward avail of these updates. This is due to a major SNORT upgrade that you can see on the Release Notes section here.
As these updates are now automated, you will get a notification when you log on to your LANGuardian informing you of the update so we will no longer be posting them here. However you can still follow the links below to see the detailed updates.

The IDS Ruleset has now been updated. To find out more about the ETOpen Ruleset click here
A more detailed ChangeLog can be viewed here.

The following are the latest rules to be added to the list : 

[+++]          Added rules:          [+++]

 2014169 - ET DNS Query for .su TLD (Soviet Union) Often Malware Related (emerging-dns.rules)
 2016778 - ET DNS Query to a *.pw domain - Likely Hostile (emerging-dns.rules)
 2020638 - ET DELETED Evil Redirector Leading to EK Mar 06 2015 (emerging-deleted.rules)
 2022243 - ET SCAN COMMIX Command injection scan attempt (emerging-scan.rules)
 2022244 - ET TROJAN NetBackdoor Checkin (emerging-trojan.rules)
 2022245 - ET TROJAN NetBackdoor User-Agent (.net backdor) (emerging-trojan.rules)
 2022246 - ET TROJAN Backdoor User-Agent (InstallCapital) (emerging-trojan.rules)
 2405046 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules)

Thank you.
Photo of Jason McLynn

Jason McLynn, Official Rep

  • 7 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1

Be the first to post a reply!