Sourcefire VRT Advisory

Multiple Rule Additions and Modifications

Synopsis:

This release contains an updated detection engine that includes an SSH preprocessor, the ability to apply rate-based rule states to intrusion rules, and a new detection_filter rule keyword that replaces the threshold keyword, which is still supported for backward compatibility.

Additionally, this release adds and modifies rules in several categories.

Details:

The SSH preprocessor detects and alerts on the Challenge-Response Buffer Overflow exploit, the CRC-32 exploit, and the SecureCRT SSH Client Buffer Overflow exploit.

Rate-based rule states provide the ability to change the state of a rule for a specified number of triggering packets within a specified time in response to attempts to overwhelm a network or host with excessive traffic.

The detection_filter rule keyword can prevent a rule from prematurely generating events by specifying the number of packets that must trigger the rule within a specified time before the rule generates events.
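The following pair of local rules is an added illustration, not part of the advisory or the VRT rule set. It shows the older in-rule threshold form next to the detection_filter form for the same match; the sids, message text, port, counts and time windows are constructed placeholder values.

```snort
# Constructed local rules for illustration only; sids (local range),
# msg text, counts and time windows are placeholder values.

# Older form: the in-rule threshold keyword, still accepted for
# backward compatibility. "type threshold" generates an event on
# every 30th match from one source within the 60-second window.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 ( \
    msg:"LOCAL SSH banner rate from single source (threshold form)"; \
    flow:to_server,established; \
    content:"SSH-"; depth:4; \
    threshold:type threshold, track by_src, count 30, seconds 60; \
    sid:1000001; rev:1;)

# Replacement form: detection_filter. The rule generates no events
# until it has matched more than 30 times from one source address
# within 60 seconds. The filter is evaluated after all other rule
# options, and a rule may carry at most one detection_filter.
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 ( \
    msg:"LOCAL SSH banner rate from single source (detection_filter form)"; \
    flow:to_server,established; \
    content:"SSH-"; depth:4; \
    detection_filter:track by_src, count 30, seconds 60; \
    sid:1000002; rev:1;)
```

Tracking by_src keeps a separate counter per source address; by_dst counts per destination instead, which suits rules meant to protect a single busy server.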

The Sourcefire VRT has also added multiple rules in the specific-threats, dns, web-client, dos, ftp and misc categories to provide coverage for threats in these categories.

For Assistance: