Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Updating Rules?

From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 12 Feb 2004 17:36:28 -0600
--On Thursday, February 12, 2004 03:59:53 PM -0600 Dusty Hall <halljer () auburn edu> wrote: 


I guess I'll update as soon as possible...  I think this needs to be
changed though:

http://www.snort.org/dl/rules/  reads:

->  If you are using 2.1.*, please use snortrules-snapshot-2_1 rules. <-

Because snortrules-snapshot-2_1 rules.tar.gz BREAKS 2.1.0.  If I was
using autoupdate with Oinkmaster and used that info I would have had
problems due to the flowbits addition.  Luckily I manually update my
rules using Oinkmaster and inspect the results :).
I updated mine with oinkmaster. All I had to do was grep the rules files for "flowbits" and add the rules returned to the "disablesid" list in oinkmaster.conf. End of problem. When the flowbits "problem" gets fixed, I'll re-enable them. Piece of cake. 

Oinkmaster rules.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: