Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort rules touble.

From: Andreas Östling <andreaso () it su se>
Date: Fri, 21 Jun 2002 22:50:01 +0200 (CEST)

On Fri, 21 Jun 2002, Erek Adams wrote:
...

Many times when folks update new rules, they don't really read or understand
the rules, they just say "Hey, look--It's commented out.  I'll add it back in
so that I'm running _all_ the rules--That way I'll be even _more_ protected!"
That's not a Good Idea(tm).  :)  As our Rule Nazi (Cazz) has said "Things are
commented out for a reason.  Don't uncomment them unless you understand why
they were commented out in the first place."

There is a script that will update your rules that someone on the list has
written.  It works very well, except for one tiny quirk--By default, it
uncomments any commented out rules.  The author has already said that should
be an option and not a default, so use caution when/if using scripts to update
your rules.  Heh...  One more reason to do it yourself....  ;-)

...

Uhm... I'm... uhm... kind of guilty.

But I FINALLY fixed this a while ago:
http://devel.it.su.se/cgi-bin/local/cvsweb.cgi/oinkmaster/oinkmaster.pl.diff?r1=1.32&r2=1.33

(Perhaps this version should be released right away to avoid further
confusion?)

Regards,
Andreas Östling



-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: