Snort mailing list archives
Re: Snort 2.8.4 Now Available
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 8 Apr 2009 13:38:07 -0400
Sure, Here is a quick summary of what is on the rules Download Page. Each of the 2_X packages track the latest minor release. IE the 2.8 packages contain things that only work in 2.8.3.2. The next set of packages released in the 2_8 will track 2.8.4 and will contain all the netbios changes. So to answer your question it will break earlier 2.8 releases. Additionally CURRENT doesn't mean the English Definition of "current" as in the latest release. It is a revision control term meaning latest and greatest CVS snapshot. Therefore CURRENT could contain whatever crazy beta features are in the works. Given all that, here is exactly what is going to happen hopefully today. 1. A new set of rule packages will be released. If you are a subscriber and can get rules immediately the following will happen. The 2.7 rule packages will contain all the OLD NETBIOS rules The 2.8 rule packages will contain all the NEW NETBIOS rules The CURRENT rule packages will contain all the NEW NETBIOS rules 2. If your doing automatic updates with oinkmaster and are pointing at 2.8 or CURRENT and are not running 2.8.4 things will break. If you are a registered user and not a subscriber the above will happen in 30 days. Hopefully that explains it. Cheers, On Wed, Apr 8, 2009 at 12:51 PM, John Duksta <jduksta () gmail com> wrote:
Joel (or someone else at SF): Can we some guidance as to whether the snapshot_2.8_s rules going forward are going to utilize the dcerpc2 enhancements (i.e. lose the 5K netbios rules that just went away with SF SEU 216), and if so, will the new dcerpc2 ruleset break earlier 2.8 releases? Based on the rule maintenance language[1], it sound like it might do so, but I suppose it really depends on the content of the rules. Thanks, -j [1] <quote>Snort rule packages for Subscribers and Registered users track the latest feature set for any Major.X release. This means that rule packages can contain features that only exist in the latest version of snort for a given Major.X release. A simple example is: If 2.6.1.5 is the current version of snort then the snortrules-snapshot-2.6 packages might utilize features not supported in 2.6.1.4 and earlier. Additionally the word CURRENT does not mean "current" as in the English dictionary meaning. It mean CURRENT in the BSD source code repository meaning. CURRENT tracks SNORT CVS CURRENT, i.e. the the unstable, possibly broken version of snort. If you download CURRENT and are not running this version of snort, your snort install will break</quote> -- John Duksta <jduksta () gmail com> Can't sleep, clowns will eat me. ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Matthew Watchinski Sr. Director Vulnerability Research Team (VRT) Sourcefire, Inc. Office: 410-423-1928 http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.8.4 Now Available Snort Releases (Apr 07)
- Re: Snort 2.8.4 Now Available Jeff Dell (Apr 08)
- Re: Snort 2.8.4 Now Available John Duksta (Apr 08)
- Re: Snort 2.8.4 Now Available Nigel Houghton (Apr 08)
- Re: Snort 2.8.4 Now Available matt donovan (Apr 08)
- Re: Snort 2.8.4 Now Available Matt Watchinski (Apr 08)
- Re: Snort 2.8.4 Now Available Seth Art (Apr 08)
- Re: Snort 2.8.4 Now Available Matt Watchinski (Apr 08)
- Re: Snort 2.8.4 Now Available John Duksta (Apr 08)
- Re: Snort 2.8.4 Now Available Jeff Dell (Apr 08)