Snort mailing list archives
Re: flowbits
From: adam <hoga4008 () kettering edu>
Date: Tue, 24 Feb 2004 20:53:17 -0500
I don't speak for the Snort team, but I imagine that it's just too much work to maintain a seperate tree of rules for every release of Snort. This field changes too fast for everything to be simple and automated, updating regularly is just something we'll have to accept. If we want the newest greatest signatures we need the newest greatest Snort features.
-adam.
I agree, I don't think I understand the reasoning of introducing a rule for a = feature that did not exist in the current stable release knowing that = Snort would break. I use Oinkmaster and I had to find the rules that had = flowbits enabled and disablesid them. Snort Team: Why don't you create a new ruleset for RC1 until 2.1.1 is = released? BTW, RC1 doesn't exist for Windows or I'd give that a shot = too. Doug -----Original Message----- From: Andreas =D6stling [mailto:andreaso () it su se]=20 Sent: Tuesday, February 24, 2004 1:51 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Re: flowbits On http://www.snort.org/dl/rules/ it still says you should use the 2_1=20 rules for snort 2.1.*, which will obviously fail as the flowbit feature=20 was introduced post 2.1.0 (as discussed in=20 http://marc.theaimsgroup.com/?t=3D107661847900002&r=3D1&w=3D2) Couldn't this be fixed somehow? /Andreas
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flowbits Douglas McCrea (Feb 24)
- <Possible follow-ups>
- RE: Flowbits Peters, Michael D. (Feb 24)
- Re: Flowbits Joe Matusiewicz (Feb 24)
- Re: flowbits adam (Feb 24)
- Re: Re: flowbits Andreas Östling (Feb 24)
- RE: Re: flowbits Douglas McCrea (Feb 24)
- Re: flowbits adam (Feb 24)