[sniffer] Bad Rule Event

2010-12-16 Thread Pete McNeil

Hello Sniffer Folks,

We have had a bad rule event.
The bad rules were created near 0830E, and removed by 1030E.
The bad rules were discovered by our IP/Rule conflict instrument 
indicating that most were automatically rejected by Auto-Panic features.
The rules were part of a rule family designed to capture highly 
obfuscated porn subjects.
Unfortunately the extensive abstraction of the rules matched other 
subjects containing similar combinations of characters.

The Rule IDs are in the range 3694383 - 3694428.
We are very sorry for any trouble and have already taken measures to 
prevent this error in future.


Best,

_M

--
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044
x7010


#
This message is sent to you because you are subscribed to
 the mailing list sniffer@sortmonster.com.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: sniffer-...@sortmonster.com
To switch to the DIGEST mode, E-mail to sniffer-dig...@sortmonster.com
To switch to the INDEX mode, E-mail to sniffer-in...@sortmonster.com
Send administrative queries to  sniffer-requ...@sortmonster.com



[sniffer] Re: Bad Rule Event

2010-12-16 Thread Bonno Bloksma
Hi Pete,

> Hello Sniffer Folks,
>
> We have had a bad rule event.
> The bad rules were created near 0830E, and removed by 1030E.
[...]

Regarding this event: a while ago we talked about sniffer installations 
exchanging rule-panic info via the GUBdb sync info, as that is happening every 
(few) minute(s) instead of every few hours.
Any idea when a new version of Sniffer with that feature will be launched?

Yours sincerely,
Bonno Bloksma
senior system administrator

tio 

university of applied sciences for hospitality and tourism 
julianalaan 9 / 7553 ab hengelo 
netherlands 
t +31-74-255 06 10 / f +31-74-255 06 11 

b.blok...@tio.nl  / www.tio.nl 




[sniffer] Re: Bad Rule Event

2010-12-16 Thread Pete McNeil

On 12/16/2010 11:07 AM, Bonno Bloksma wrote:

> Hi Pete,
>
> > Hello Sniffer Folks,
> >
> > We have had a bad rule event.
> > The bad rules were created near 0830E, and removed by 1030E.
> [...]
>
> Regarding this event: a while ago we talked about sniffer installations
> exchanging rule-panic info via the GUBdb sync info, as that is happening
> every (few) minute(s) instead of every few hours.
> Any idea when a new version of Sniffer with that feature will be launched?


Actually -- rule-panics are triggered instantaneously based on local
GBUdb data.

Auto-Panic:
When a relatively new rule conflicts with a known good IP on your
system that rule is made inert until the next rulebase update.

The next full release will include features for near-real-time rule
additions and removals.

We plan to begin releasing interim updates of the SNF engine with
some of these features early next year.

We plan to complete the next full release by Q3.

_M

-- 
Pete McNeil
Chief Scientist
ARM Research Labs, LLC
www.armresearch.com
866-770-1044 
x7010
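The Auto-Panic behaviour described above, modelled as an added Python example (this is not Message Sniffer's own code). The GBUdb layout, the "known good" ratio, the window in which a rule counts as new, and the sample rules and reputation data are assumptions chosen for illustration; only the rule id 3694383 comes from the affected range named in the thread.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    rule_id: int
    pattern: str           # regex applied to the message subject
    added_in_version: int  # rulebase version that introduced the rule

@dataclass
class Engine:
    rulebase_version: int
    rules: list
    gbudb: dict                 # constructed stand-in for local GBUdb: ip -> (good_count, bad_count)
    good_ratio: float = 0.9     # assumed threshold for treating an IP as "known good"
    new_rule_age: int = 1       # assumed: a rule counts as "new" for this many rulebase versions
    inert: dict = field(default_factory=dict)  # rule_id -> ip that triggered the Auto-Panic

    def is_known_good(self, ip):
        good, bad = self.gbudb.get(ip, (0, 0))
        return good + bad > 0 and good / (good + bad) >= self.good_ratio

    def is_new(self, rule):
        return self.rulebase_version - rule.added_in_version <= self.new_rule_age

    def update_rulebase(self, version, rules):
        """A rulebase update installs the new rules and lifts every standing Auto-Panic."""
        self.rulebase_version = version
        self.rules = rules
        self.inert.clear()

    def scan(self, source_ip, subject):
        """Return ids of rules that fire on this message, applying Auto-Panic on the way."""
        hits = []
        for rule in self.rules:
            if rule.rule_id in self.inert or not re.search(rule.pattern, subject, re.I):
                continue
            if self.is_new(rule) and self.is_known_good(source_ip):
                # Auto-Panic: a new rule that hits a known-good IP is made inert until the next update
                self.inert[rule.rule_id] = source_ip
                continue
            hits.append(rule.rule_id)
        return hits

def build_demo_engine():
    # Constructed rules: 3694383 stands in for an over-abstracted obfuscated-subject rule that
    # also matches ordinary words such as "printer"; 1000001 is an old, well-behaved rule.
    rules = [Rule(3694383, r"p.?r.?n", added_in_version=7), Rule(1000001, r"\bviagra\b", added_in_version=2)]
    gbudb = {"192.0.2.10": (500, 2), "198.51.100.7": (3, 400)}  # constructed reputation data
    return Engine(rulebase_version=7, rules=rules, gbudb=gbudb)
```

Running `build_demo_engine().scan("192.0.2.10", "Printer quote for Q1")` returns no hits and leaves rule 3694383 inert; a later `update_rulebase(8, ...)` clears the panic so the rule fires again on traffic from a poorly rated IP.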