Snort mailing list archives
Re: Some notes about today's VRT Rule release for 02/09/2012
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 9 Feb 2012 17:35:04 -0500
On Thu, Feb 9, 2012 at 5:19 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 2/9/2012 15:58, Joel Esler wrote:
> [trim]
>> In an effort to make the barrier to entry that much easier, the OpenSource rule package downloaded on snort.org <http://snort.org> now exactly mirrors what you would get if you used PulledPork. All rules in balanced-ips are enabled and all rules not in balanced-ips are disabled. The exception to this is that rules that set flowbits that are used by rules that are in balanced-ips are also enabled. This means that the default Open Source ruleset will now provide a good balance between speed, performance, and detection and all rules should work as expected. Those using Oinkmaster, or simply downloading the ruleset directly, will now be running the "balanced-ips" policy. A rule's "on/off" state is now dictated by policy.
>
> what policy? i've understood most things up to here... we do not use any "policy" rules in our configuration... at least nothing specifically... i don't believe that we even include the policy.rules file(s)... so one has to ask, what policy? where can one see this policy? does this change blow things up like oinkmaster's disablesid option?

We've had three policies in the rules for some time now in the "metadata" field. "policy connectivity-ips, policy balanced-ips, and policy security-ips"

This change will not affect Oinkmaster at all. In fact, those of you that were using things other than PulledPork that didn't have flowbit auto-resolution or policy enforcement are now running the exact same policies (and dependencies) that those that are. That's what we mean by "leveling the playing field".

Actually, Waldo, you were one of the people specifically we had in mind when we made this "fix", since you can't run PulledPork.

J
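
The enable/disable behaviour described in this message, sketched as an added example (not code from this thread, from Sourcefire or from PulledPork): rules whose "metadata" names the chosen policy are enabled, everything else is commented out, and rules that set a flowbit checked by an enabled rule are enabled too, repeated until nothing changes. The sample rules, SIDs and flowbit names are constructed, and it is an assumption of this sketch that only `flowbits:set` counts as setting and only `isset`/`isnotset` as checking; flowbit groups and combined names are not handled.

```python
import re

# Constructed sample rules: SIDs, messages and flowbit names are made up.
SAMPLE = '''\
alert tcp any any -> any 80 (msg:"EX stage 1"; flowbits:set,ex.s1; flowbits:noalert; sid:1000001; rev:1;)
# alert tcp any any -> any 80 (msg:"EX stage 2"; flowbits:isset,ex.s1; flowbits:set,ex.s2; flowbits:noalert; metadata:policy security-ips drop; sid:1000002; rev:1;)
alert tcp any 80 -> any any (msg:"EX detect"; flowbits:isset,ex.s2; metadata:policy balanced-ips drop, policy security-ips drop; sid:1000003; rev:1;)
alert tcp any any -> any 25 (msg:"EX security only"; metadata:policy security-ips drop; sid:1000004; rev:1;)
# alert tcp any any -> any 21 (msg:"EX connectivity too"; metadata:policy connectivity-ips drop, policy balanced-ips drop; sid:1000005; rev:1;)
'''

RULE = re.compile(r'^\s*#?\s*((?:alert|drop|log|pass|reject|sdrop)\s.*\(.*\))\s*$')
SID = re.compile(r'\bsid:\s*(\d+)\s*;')
POLICY = re.compile(r'\bpolicy\s+([\w-]+)')
META = re.compile(r'\bmetadata:\s*([^;]*);')
FLOWBIT = re.compile(r'\bflowbits:\s*(\w+)\s*,\s*([^;,\s]+)')

def parse(text):
    """Map sid -> rule text, policies named in metadata, flowbits set/checked."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if not m or not SID.search(m.group(1)):
            continue
        body = m.group(1)
        bits = FLOWBIT.findall(body)
        rules[int(SID.search(body).group(1))] = {
            'text': body,
            'policies': set(POLICY.findall(' '.join(META.findall(body)))),
            'sets': {name for op, name in bits if op == 'set'},
            'checks': {name for op, name in bits if op in ('isset', 'isnotset')},
        }
    return rules

def apply_policy(rules, policy='balanced-ips'):
    """Enable rules in `policy`, then the setters of every flowbit they check."""
    enabled = {sid for sid, r in rules.items() if policy in r['policies']}
    while True:  # repeat: a newly enabled setter may check further flowbits
        needed = set().union(*(rules[s]['checks'] for s in enabled))
        extra = {sid for sid, r in rules.items()
                 if sid not in enabled and r['sets'] & needed}
        if not extra:
            return enabled
        enabled |= extra

def render(rules, enabled):
    """Rule file text with every rule outside `enabled` commented out."""
    return '\n'.join(('' if sid in enabled else '# ') + r['text']
                     for sid, r in sorted(rules.items()))
```

With the sample above, `render(parse(SAMPLE), apply_policy(parse(SAMPLE)))` turns on the two setter rules that carry no balanced-ips tag, because the enabled detection rule depends on them through a two-step flowbit chain, and comments out the security-only rule.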