Snort mailing list archives
Re: New Snort 2.2 Rules (Walt Rich)
From: Nigel Houghton <nigel () sourcefire com>
Date: Wed, 14 Sep 2005 16:00:29 -0500
On 0, snort-users-request () lists sourceforge net allegedly wrote:
Today's Topics:

   4. New Snort 2.2 Rules (Walt Rich)

--__--__--

Message: 4
Date: Wed, 14 Sep 2005 15:26:31 -0500
From: "Walt Rich" <walt.rich () parago com>
To: <snort-users () lists sourceforge net>
Subject: [Snort-users] New Snort 2.2 Rules

I updated the Snort rules to the latest available on SourceForge's site. They were quite out of date, and almost a year old. Snort is up and running, but has become very quiet! It used to detect a lot of false positives, which were a pain, but at least I knew it was working. Now it is very, very quiet, and hasn't detected anything in over 2 hours.

Is it possible that the rule writers have become so good that the detection of false positives has been almost eliminated? Has anyone else experienced anything similar?

Any input is greatly appreciated.

Thanks!

________________________________
Walt Rich | Sr. Network Engineer | Parago, Inc. | 972.538.7253 | walt.rich () parago com

Walt,

You need to get your rules from http://www.snort.org/pub-bin/downloads.cgi and get the ruleset that applies to your version of snort. You can register free of charge and get the VRT rules.

Don't forget to restart snort when you are done updating the rule set. I might also suggest using oinkmaster to download and keep things up to date too.

+--------------------------------------------------------------------+
Nigel Houghton      Research Engineer      Sourcefire Inc.
Vulnerability Research Team

I require a window seat and an inflight Happy Meal, and no pickles!
God help you if I find pickles!