Snort mailing list archives
Re: VRT Release 2010-02-23 uses "detection_filter"
From: Matt Olney <molney () sourcefire com>
Date: Wed, 24 Feb 2010 10:33:31 -0500
You know, it probably isn't unreasonable for us to call out changes like that. Going forward we'll see what we can do. That being said, we have called out that those who don't stay up with the latest Snort may have issues:

Note: Snort rule packages for Subscribers and Registered Users track the latest patch release for any major version. This means that rule packages may make use of features that only exist in the latest version of Snort. A simple example is: If 2.8.4 is the current version of Snort then the snortrules-snapshot-2.8 packages might use features not available in 2.8.3.2 and earlier.

(http://www.snort.org/snort-rules)

Matt

On Wed, Feb 24, 2010 at 10:26 AM, evilghost () packetmail net <evilghost () packetmail net> wrote:
> While I truly enjoy surprises, sometimes I'm disappointed when the gift isn't something I wanted. In this case the gift was given to me by VRT and came in the form of "detection_filter".
>
> As I eagerly unpacked the tar-gzip, giddy like the child on Christmas morning, my happiness turned to sadness. Santa brought me some coal, have I really been that bad? It made my 2.8.4.1 Snorts become very unhappy (evidently they don't like surprises like I do).
>
> Sure I can sed these out but a little advance warning is nice. Note, advance warning does not constitute "Snort 2.8.5 is current, you should be running it" or the generic catch-all warning currently in place. Specific warnings such as "These VRT rules are using detection_filter" would be highly appreciated and would allow me to react accordingly before I dropped a few depth-charges on my Snorts.
>
> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2010-02-23.html
>
> -evilghost
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs