Snort mailing list archives
Re: re: instant snort sigs for new vulnerabilities
From: "Maarten Hartsuijker" <maarten () hartsuijker com>
Date: Thu, 4 Jul 2002 09:10:11 +0200
One downside: oinkmaster deactivates (at least the version I once downloaded) sids by placing a "#" at the beginning of a rule.

It only does so for the sids you tell Oinkmaster to disable. This is a feature and I don't get why this would be a downside. (Or would you for some reason prefer that the unwanted rules were removed instead of commented out?)

Of course the downside was the fact that the 1.9 rules are uncommented. Didn't know about the -p switch though... Probably should have RTFM-ed better.

It also activates all rules with a "#" at the beginning of a line when they are not specified by oinkmaster. Since the new 1.9 rules are commented out with a "#", you will have problems with 1.8 because oinkmaster uncomments the lines....

Unless you specify "-p" which will preserve the commented out lines. I agree this is stupid, and this has been changed in 0.6 which will be released as soon as I have a free minute :)

Hey, who was there first? Your script or the 1.8 rulesets with 1.9 rules in it?!? I think the script is very useful, and those changes will only make it better. Thanks for making it available!

maarten
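
The rule-toggling behaviour discussed in this message, as an added example that is not part of the original post and is not Oinkmaster's code: a small Python model of an update that comments out operator-disabled SIDs and, unless a preserve option (the role "-p" plays in the thread) is set, activates rules that shipped commented out. The function names, rules and SIDs are constructed for illustration.

```python
import re

# Constructed upstream rules file; the SIDs and messages are made up for illustration.
UPSTREAM = [
    'alert tcp any any -> any 80 (msg:"constructed rule A"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 21 (msg:"constructed rule B"; sid:1000002; rev:1;)',
    '# alert tcp any any -> any 25 (msg:"constructed rule C"; sid:1000003; rev:1;)',
    '# plain comment, not a rule',
]

# A rule line, optionally commented out: group 1 is the rule text, group 2 the SID.
RULE = re.compile(
    r'^\s*#*\s*((?:alert|log|pass|activate|dynamic)\s.*\bsid\s*:\s*(\d+)\s*;.*)$')


def apply_update(lines, disabled_sids, preserve=False):
    """Hypothetical model of the update step described in the thread."""
    out = []
    for line in lines:
        m = RULE.match(line)
        if not m:                      # ordinary comments and blanks pass through
            out.append(line)
            continue
        rule, sid = m.group(1), int(m.group(2))
        if sid in disabled_sids:       # operator asked for this SID to be off
            out.append('#' + rule)
        elif preserve and line.lstrip().startswith('#'):
            out.append(line)           # preserve: keep upstream's commented-out state
        else:
            out.append(rule)           # otherwise the rule ends up active
    return out


def active_sids(lines):
    """SIDs of rules that are not commented out."""
    return {int(m.group(2)) for l in lines
            if not l.lstrip().startswith('#') and (m := RULE.match(l))}


def reenabled(lines, disabled_sids, preserve=False):
    """SIDs shipped commented out that the update would switch on."""
    updated = apply_update(lines, disabled_sids, preserve)
    return sorted(active_sids(updated) - active_sids(lines))


if __name__ == '__main__':
    print(reenabled(UPSTREAM, {1000002}))
    print(reenabled(UPSTREAM, {1000002}, preserve=True))
```

Running `reenabled` against a freshly downloaded ruleset before deploying it shows which rules an update would switch on that upstream had shipped disabled.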