Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] GPL rules - who maintainsthem?Nobody?

From: Nigel Houghton <nhoughton () sourcefire com>
Date: Mon, 21 Mar 2011 11:25:53 -0400
On Mon, 21 Mar 2011 10:33:37 -0400, Weir, Jason wrote:




-----Original Message-----
From: evilghost () packetmail net [mailto:evilghost () packetmail net] 
Sent: Monday, March 21, 2011 10:29 AM
To: Matthew Jonkman
Cc: Weir, Jason; emerging-sigs () emergingthreats net; 
snort-users () lists sourceforge net
Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who 
maintainsthem?Nobody?





On 03/21/11 09:24, Matthew Jonkman wrote:

Any other ideas?


I do not like the idea of re-SIDing.  It doesn't make sense, promotes
unnecessary duplication, and can result in performance 
degradation and disparity
between the GPL rules.

In the spirit of the GPL, if you make changes, you submit 
said changes upstream.

If we make improvements we should submit them to VRT, and 
vice versa.  Their
inclusion is up to VRT/ET respectively.

I do not vote we re-SID.  I do vote we preserve SID and communicate
upstream/downstream on changes.  A rational person would 
evaluate the changes,
engage in mutual discussion, and agree on modifications.

Re-SIDing is stupid.



evilghost - I agree that re-SIDing is stupid...  But the rest of your
suggestions require VRT and ET cooperate and have a healthy back in
forth relationship.  It seems clear that will never happen..

-J


For what it's worth, we do not re-use SIDs. So, even though we don't 
ship the porn.rules anymore, we aren't re-using those SIDs so copying 
them off and giving them new SIDs is a fruitless exercise. There is 
nothing to be gained from doing so. Those rules were originally written 
as an example of what you could do if that was traffic you were 
interested in (Marty wrote them, so I guess he was interested in that 
traffic at some point for some reason). They aren't comprehensive by 
any means and there are probably thousands of rules you could write to 
find traffic of that nature.

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: