Snort mailing list archives
Re: Which so_rules to use
From: James Lay <jlay () slave-tothe-box net>
Date: Sun, 28 May 2017 10:43:48 -0600
Probably. Truth be told I've never got with the source...just rolled with the precompiled and never had a second thought about it ☺

On Sun, 2017-05-28 at 17:05 +0100, Charlie Dyer wrote:
> But then don't you miss out on the detections that only Cisco has, 0days and NDA detections for example, that won't have source like Joel mentioned in the initial reply?
>
> On Sunday, May 28, 2017, James Lay <jlay () slave-tothe-box net> wrote:
>> If it was me I would go from source if possible, so I can tweak it to my exact system.
>>
>> James
>>
>> On Sun, 2017-05-28 at 10:16 +0100, Charlie Dyer wrote:
>>> Is anyone able to answer the query below? Essentially, if you have two .so files with the same name, one compiled from src and one precompiled, which should you use?
>>>
>>> Many thanks
>>>
>>> On Wednesday, May 24, 2017, Charlie Dyer <charlierwdyer () gmail com> wrote:
>>>> Yes I've compiled the src, my question is if you have two .so files with the same name, one compiled from src and one precompiled, which should you use? As you say the precompiled one will have stuff in that the src doesn't, but will the src .so files have stuff in the precompiled ones don't?
>>>>
>>>> On Wed, May 24, 2017 at 8:55 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
>>>>> If we provide the src, you can compile them on your own. The pre-compiled ones are without src, and contain a ton of detection not available anywhere else (zero-days that only we have protection for, etc).
>>>>>
>>>>> --
>>>>> Joel Esler | Talos: Manager | jesler () cisco com
>>>>>
>>>>> On May 24, 2017, at 3:06 PM, Charlie Dyer <charlierwdyer () gmail com> wrote:
>>>>>> Thanks for your reply, I'll take a look at pulledpork.
>>>>>>
>>>>>> Can you tell me if the .so files are actually the same and the size difference is just down to compilation differences? Or do the precompiled and src .so files essentially contain different 'stuff'?
>>>>>>
>>>>>> On Wed, May 24, 2017 at 5:29 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
>>>>>>> You should use pulledpork to manage your ruleset, it will take care of which version you need, according to the operating system you are using or the one you specify.
>>>>>>>
>>>>>>> --
>>>>>>> Joel Esler | Talos: Manager | jesler () cisco com
>>>>>>>
>>>>>>> On May 24, 2017, at 9:14 AM, Charlie Dyer <charlierwdyer () gmail com> wrote:
>>>>>>>> Hello
>>>>>>>>
>>>>>>>> I've compiled the so_rules from the src folder but see there are precompiled so_rules with the same name, but some of them have vastly different file sizes. There are also precompiled .so files which aren't in the src folder once compiled and vice versa.
>>>>>>>>
>>>>>>>> Does anyone know which .so files to use? For example there is a file-flash.so in the precompiled folder and the src folder, which should I use?
>>>>>>>>
>>>>>>>> Many thanks
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org <http://slashdot.org/>! http://sdm.link/slashdot
>>>>>>>> _______________________________________________
>>>>>>>> Snort-users mailing list
>>>>>>>> Snort-users () lists sourceforge net
>>>>>>>> Go to this URL to change user options or unsubscribe:
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>>>>> Snort-users list archive:
>>>>>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>>>>>
>>>>>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Which so_rules to use Charlie Dyer (May 24)
- Re: Which so_rules to use Joel Esler (jesler) (May 24)
- Re: Which so_rules to use Charlie Dyer (May 24)
- Re: Which so_rules to use Joel Esler (jesler) (May 24)
- Re: Which so_rules to use Charlie Dyer (May 24)
- Re: Which so_rules to use Charlie Dyer (May 28)
- Re: Which so_rules to use James Lay (May 28)
- Re: Which so_rules to use Charlie Dyer (May 28)
- Re: Which so_rules to use James Lay (May 28)
- Re: Which so_rules to use Charlie Dyer (May 28)
- Re: Which so_rules to use Joel Esler (jesler) (May 28)
- Re: Which so_rules to use Charlie Dyer (May 24)
- Re: Which so_rules to use Joel Esler (jesler) (May 24)