Re: Logically truncated snortrules-snapshot tarball [was: Re: Snort Rule Downloading]

[Brian <bmc () snort org>]

On Mon, May 03, 2004 at 01:18:37PM -0400, Kristofer T. Karas wrote:
> Unfortunately the glowing news is premature.  Yes, a new 
> snortrules-snapshot-2_1.tar.gz was released for everybody using a 
> production 2.1.x snort; and it does contain some updates and a 
> sid-msg.map with 2378 unique SIDs.  However, the *.rules files in the 
> tarball only contain 2334 unique rules.  In particular, all the new 
> rules that detect Sasser (e.g. 2514) are missing!
>
> Whoever it is who maintains the downloadable rules should take a look 
> pronto.  Those of us *not* using the CVS version of snort are out in the 
> cold.

Yes, as I said on snort-sigs, 2.1.0 does NOT support features required
for the rules that detect Sasser.  As such, the 2.1 rule snapshots do
NOT include rules for Sasser.

If you have 2.1.2 or 2.1.3RC1, you should be OK using CURRENT for now.
This whole mess is caused because our version numbering is all wacky.

One of these days we will get it right.

Brian


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users