Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sourcefire VRT Certified Snort Rules Update

From: Mike Guiterman <mguiterman () sourcefire com>
Date: Tue, 17 Nov 2009 17:41:22 -0500
Your frustration is understood.  Sorry about the premature email announcing
the fix.  We're working on it now.  Our apologies to everyone affected.

Regards,

Mike

On Tue, Nov 17, 2009 at 3:13 PM, evilghost () packetmail net <
evilghost () packetmail net> wrote:


Nigel, thank you for this response, however, I believe it to be a
reasonable expectation that the VRT announcement emails which are made
to this list, with a corresponding URL to the Change Log, function
correctly at not be 404.  Additionally, when an issue is reported it
would be nice to have this addressed in a timely basis and
comprehensively; due diligence should be done to verify the Change Log
is actually working as expected before claiming it is, as it only makes
SourceFire look incompetent when the converse is true.

As of now the notification system for VRT appears to be diffused across
many different mechanisms, from sporadic functioning mailing lists to
Blogs.  While I'm not opposed to another technological approach to
management of the Snort rules and the accompanying change notification
it is a disservice to your VRT subscriber base to continue in this
downward spiral of mismanagement and haphazard issue resolution.

I could only hope that the information available of Snort.org would be
an authoritative source, the URLs in VRT announcement messages would be
functional, and that I should not have to rely on additional tool to
perform what is purported to already exist.

As a paying VRT subscriber I am entitled to make these criticisms,
especially when they have merit.

Thanks,
evilghost


Nigel Houghton wrote:

On Tue, Nov 17, 2009 at 2:22 PM, evilghost () packetmail net
<evilghost () packetmail net> wrote:


Negative, this is not resolved.


http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html

loads correctly and contains two HREFs to the Change log itself, one for
'Snort Version CURRENT' and one for 'Snort Version 2_8'



http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html

is HTTP 404.


http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html

is HTTP 404.

C'mon guys.  Many of us depend on these Change Logs before we blindly
push out these VRT rules and the inability to correctly manage these
Changelogs reflect poorly on you (SourceFire), especially when there's a
4 day lapse in response when the issue was initially reported and still
it has not been resolved correctly.

-evilghost

Mike Guiterman wrote:


This has been fixed.  Thanks for the report.

On Fri, Nov 13, 2009 at 4:24 PM, evilghost () packetmail net <
evilghost () packetmail net> wrote:




The changelog is HTTP 404.

research () sourcefire com wrote:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
As a result of ongoing research, the Sourcefire VRT has added

multiple

rules to the specific-threats, web-misc, p2p, backdoor and

spyware-put

rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:



http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
E3O1jvr9wb3Hy+DPpQ2RGLw=
=c3JW
-----END PGP SIGNATURE-----







------------------------------------------------------------------------------




Let Crystal Reports handle the reporting - Free Crystal Reports 2008



30-Day



trial. Simplify your report design, integration and deployment - and



focus on



what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs







------------------------------------------------------------------------------

Let Crystal Reports handle the reporting - Free Crystal Reports 2008

30-Day

trial. Simplify your report design, integration and deployment - and

focus

on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs








If you use pulled pork to download your rules, it will show all the
changes, including the shared object rules.

This is a much better way of looking at what you are about to deploy
than a page on a web site. Hopefully, the next release of pulled pork
will give you the option of creating a changelog file. This way you
can see the changes between what you have and what you are getting, as
opposed to the changes between subsequent files.





------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: