Snort mailing list archives
Re: [Emerging-Sigs] FATALs with snort-2.9.0.3
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 21 Dec 2010 11:46:36 -0500
On Dec 21, 2010, at 11:42 AM, evilghost () packetmail net wrote:
On 12/21/10 10:30, Joel Esler wrote: Hi,Yes, we greatly improved error checking on Snort 2.9.0.3: http://blog.snort.org/2010/12/snort-2903-is-coming-soon.html We are going to put a blog post up about it soon.Did you notify ET of these issues or just post them on the blog? I don't recall seeing this one on the list so it may have been direct to the ET crew. Quoted below: "This is another issue found internally while troubleshooting for Emerging-Threats. VRT rules are not affected by this change. If rule writers have invalid combinations that existed in custom rules (depth with within, or distance with no relative content match, etc) Snort will now error on this. The Snort Manual has been updated to reflect these facts." I imagine you've already reached out to the ET crew and just didn't rely on the blog entry only to notify ET of these issues. I likely missed the communication with ET so I'll bite my tongue with respect to what exactly "OpenSource community" is.
The error checking was improved as a result of the ETPro personnel filing a bug with us when using a "distance" or a "within" with no previous relative offset in their ruleset. We provided this feedback to the ETPro development team at that time and corrections were made to the rule in question. Joel ------------------------------------------------------------------------------ Forrester recently released a report on the Return on Investment (ROI) of Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even within 7 months. Over 3 million businesses have gone Google with Google Apps: an online email calendar, and document program that's accessible from your browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FATALs with snort-2.9.0.3 Lay, James (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 22)
- Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)