Snort mailing list archives
RE: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2)
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 04 May 2004 14:01:23 -0500
On Tue, 2004-05-04 at 13:07, McCash, John wrote:
They are not being updated on purpose. The features required for the LSASS are not available for 2.1.0. You need 2.1.2 for that.
Which is kinda funny. We got an old version of the signature set which is not updated and incompatible with the new version of the signature set which is maintained. Yet the RELEASE quality version of Snort does not accept the new signature set, only the old one. If you want the new signatures, you have to run DEVELOPMENT code. Kinda messed up if you ask me. Anyhow, the Sasser sigs posted at SANS ISC are working great on older versions. Compatible signatures that work, kudos to that. Well, this is Open Source. You don't have to rely on folks, you can make your own code or signatures. I just wish that the versioning of Snort and the sigs were cleaner. Like a clear development version and a clear production version. Have rule maintainers work on rules that work for the production version (not the development version). Perhaps we need to jump to Snort 3.0 and clean all this up ;) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2) McCash, John (May 04)
- <Possible follow-ups>
- RE: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2) Vogle, Brian (May 04)
- RE: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2) McCash, John (May 04)
- RE: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2) Frank Knobbe (May 04)
- Re: Snort Rule Downloading - Working now! (NOT!!!) (update use -CURRENT for 2.1.2) M. Morgan (May 05)