Snort mailing list archives

RE: re: instant snort sigs for new vulnerabilites


From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Wed, 3 Jul 2002 10:28:57 -0400

My solution is to 'manage' my rulesets via ActiveWorx IDS Policy Manager
from my normal Win32 desktop. I would never trust an auto-update in a
production environment.

IDS Policy Manager has great features including auto-updates and merging. It
even allows you to securely upload via SCP. Adding a simple dummy file to
the upload can be used to script a restart of a node.

John

-----Original Message-----
From: Andreas Östling [mailto:andreaso () it su se]
Sent: Wednesday, July 03, 2002 4:03 AM
To: Maarten
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] re: instant snort sigs for new vulnerabilites


On Wednesday 03 July 2002 09.15, Maarten wrote:

> One downside: oinkmaster deactivates (at least the version I once
> downloaded) sids by placing a "#" at the beginning of a rule.

It only does so for the sids you tell Oinkmaster to disable. This is a
feature and I don't get why this would be a downside.
(Or would you for some reason prefer that the unwanted rules were removed
instead of commented out?)

> It also
> activates all rules with a "#" at the beginning of a line when they are not
> specified by oinkmaster. Since the new 1.9 rules are commented out with a
> "#", you will have problems with 1.8 because oinkmaster uncomments the
> lines.

... Unless you specify "-p" which will preserve the commented out lines.

I agree this is stupid, and this has been changed in 0.6 which will be
released as soon as I have a free minute :)

Regards,
Andreas Östling



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
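
The rule-state handling discussed in this thread, as an added Python illustration (not Oinkmaster's code and not part of the original posts): listed sids are disabled by prefixing "#", and rules shipped commented out are either preserved or re-enabled. The function name, the `preserve_commented` parameter (modelled on the "-p" behaviour described above) and the sample rules are assumptions constructed for this example.

```python
import re

# Matches an active or commented-out Snort rule line and captures its sid.
RULE_RE = re.compile(
    r'^(?P<hash>#\s*)?'
    r'(?P<rule>(?:alert|log|pass|activate|dynamic)\s.*\bsid:\s*(?P<sid>\d+)\s*;.*)$'
)

# Constructed sample rules file; sid 1002 is shipped commented out.
SAMPLE_RULES = """\
# Constructed sample rules file
alert tcp any any -> any 80 (msg:"sample A"; sid:1001; rev:1;)
#alert tcp any any -> any 80 (msg:"sample B, shipped disabled"; sid:1002; rev:1;)
alert tcp any any -> any 21 (msg:"sample C"; sid:1003; rev:1;)
"""

def apply_sid_policy(rules_text, disabled_sids, preserve_commented=True):
    """Return (new_text, changes); changes is a list of (sid, action)."""
    out, changes = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            out.append(line)  # plain comment or blank line: left untouched
            continue
        sid = int(m.group("sid"))
        commented = m.group("hash") is not None
        if sid in disabled_sids:
            # Disable by commenting out, never by deleting the rule.
            if not commented:
                changes.append((sid, "disabled"))
            out.append("#" + m.group("rule"))
        elif commented and not preserve_commented:
            # Without preservation, a rule shipped disabled is silently enabled.
            changes.append((sid, "enabled"))
            out.append(m.group("rule"))
        else:
            out.append(line)
    return "\n".join(out) + "\n", changes

if __name__ == "__main__":
    for preserve in (True, False):
        _, changes = apply_sid_policy(SAMPLE_RULES, {1003}, preserve)
        print(f"preserve_commented={preserve}: {changes}")
```

Reviewing the returned change list before deploying a merged ruleset shows any rule whose state would flip, which is the surprise Maarten describes with the 1.9 rules on 1.8.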

