Snort mailing list archives

Re: re: instant snort sigs for new vulnerabilites


From: "Maarten Hartsuijker" <maarten () hartsuijker com>
Date: Thu, 4 Jul 2002 09:10:11 +0200

One downside: oinkmaster deactivates (at least the version I once
downloaded) sids by placing a "#" at the beginning of a rule.

It only does so for the sids you tell Oinkmaster to disable. This is a feature
and I don't get why this would be a downside.
(Or would you for some reason prefer that the unwanted rules were removed
instead of commented out?)

Of course the downside was the fact that the 1.9 rules are uncommented.
Didn't know about the -p switch though... Probably should have RTFM-ed
better.


It also activates all rules with a "#" at the beginning of a line when they
are not specified by oinkmaster. Since the new 1.9 rules are commented out
with a "#", you will have problems with 1.8 because oinkmaster uncomments the
lines.

... Unless you specify "-p" which will preserve the commented out lines.

I agree this is stupid, and this has been changed in 0.6 which will be
released as soon as I have a free minute :)

Hey, who was there first? Your script or the 1.8 rulesets with 1.9 rules in
it?!? I think the script is very useful, and those changes will only make
it better. Thanks for making it available!

maarten
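
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Oinkmaster's own code: a small Python model of "comment out disabled sids, uncomment everything else unless comments are preserved", plus a check that lists which rules an update would silently switch on. The function names, the `preserve_comments` parameter (standing in for the "-p" switch) and the sample rules are constructed for illustration.

```python
import re

# Matches an active or commented-out rule line and captures its sid.
RULE_RE = re.compile(
    r'^(?P<hash>#\s*)?(?P<rule>(?:alert|log|pass)\s.*\bsid:\s*(?P<sid>\d+)\s*;.*)$'
)

def apply_disable(rules_text, disabled_sids, preserve_comments=False):
    """Model of the update step described in the thread (an assumption, not real code)."""
    out = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            out.append(line)                  # plain comments and blank lines pass through
            continue
        sid = int(m.group("sid"))
        commented = m.group("hash") is not None
        if sid in disabled_sids:
            out.append("#" + m.group("rule")) # disabled sid: comment the rule out
        elif commented and not preserve_comments:
            out.append(m.group("rule"))       # default: commented rule gets activated
        else:
            out.append(line)                  # preserve mode, or already active
    return "\n".join(out)

def active_sids(rules_text):
    """Set of sids whose rule line is not commented out."""
    sids = set()
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m and m.group("hash") is None:
            sids.add(int(m.group("sid")))
    return sids

def newly_activated(before, after):
    """Sids that were commented out before the update and are active after it."""
    return sorted(active_sids(after) - active_sids(before))

# Constructed sample ruleset: rule C ships commented out, like the 1.9 rules mentioned above.
SAMPLE = """\
# Constructed sample ruleset
alert tcp any any -> any 80 (msg:"constructed rule A"; sid:1000001; rev:1;)
alert tcp any any -> any 21 (msg:"constructed rule B"; sid:1000002; rev:1;)
#alert tcp any any -> any 25 (msg:"constructed rule C, shipped commented out"; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    for preserve in (False, True):
        updated = apply_disable(SAMPLE, {1000002}, preserve_comments=preserve)
        print("preserve_comments=%s -> newly active sids: %s"
              % (preserve, newly_activated(SAMPLE, updated)))
```

Running a comparison like `newly_activated` on the ruleset before and after an update shows whether any rule that was distributed commented out has been enabled.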



