Snort mailing list archives
Re: new rules set
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Fri, 6 Sep 2002 13:33:25 -0400
I have a linux box where I stores the rules then use oinkmaster to maintain the rule set. Once i have updated using oinkmaster I copy the files over to the win32 machines using your favorite method samba, scp, ftp, etc. I normally check about once a week, or when I am about to make changes to my local rule sets. From my experience it is always good for a security professional to have a linux/unix box handy. If I disable a rule I enter it in the oinkmaster conf as a disabled rule, so that I don't have to go through and manual disable the rules I don't like after each update. I also keep my personal rules or modified rules in a separate rules file so it will not be affected by updates to the snort.org distribution. Thats the way I manage it. Ian ----- Original Message ----- From: "netsec novice" <netsec9 () hotmail com> To: <snort-users () lists sourceforge net> Sent: Friday, September 06, 2002 11:52 AM Subject: Re: [Snort-users] new rules set
What about for those of us using Win32 based systems? What do most do in terms of frequency? Do most check on a daily, weekly basis? Sorry for
the
ignorance but can I equate rules with 'signature updates' for anti-virus applications?From: "Ian Macdonald" <secsnort () dirk demon co uk> To: <snort-users () lists sourceforge net>, "Lana" <lanarao () yahoo it> Subject: Re: [Snort-users] new rules set Date: Fri, 6 Sep 2002 09:13:02 -0400 http://www.snort.org/dl/signatures/, they are built daily from the CVS source, make sure you pick the right rule set for your version of snort -stable for 1.8 and -current for 1.9 Ian ----- Original Message ----- From: "Lana" <lanarao () yahoo it> To: <snort-users () lists sourceforge net> Sent: Friday, September 06, 2002 5:18 AM Subject: [Snort-users] new rules setHello to everybody, where can I find the new rules set for snort? how often are they released? Thank you Lana ______________________________________________________________________ Yahoo! Musica: notizie, recensioni, classifiche, speciali multimediali http://it.yahoo.com/mail_it/foot/?http://it.music.yahoo.com/ ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_________________________________________________________________ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- new rules set Lana (Sep 06)
- Re: new rules set Ian Macdonald (Sep 06)
- <Possible follow-ups>
- Re: new rules set netsec novice (Sep 06)
- Re: new rules set Ian Macdonald (Sep 06)