Re: Snort 2.8.4 Now Available

[Seth Art <sethsec () gmail com>]

On Wed, Apr 8, 2009 at 5:38 PM, Matt Watchinski
<mwatchinski () sourcefire com> wrote:

> Given all that, here is exactly what is going to happen hopefully today.
>
> 1. A new set of rule packages will be released.  If you are a
> subscriber and can get rules immediately the following will happen.
>
> The 2.7 rule packages will contain all the OLD NETBIOS rules
> The 2.8 rule packages will contain all the NEW NETBIOS rules
> The CURRENT rule packages will contain all the NEW NETBIOS rules

So to be clear, the snortrules-snapshot-2.8_s.tar.gz on snort.org now
(md5sum: 6abf9bf635870cd68335c5d2a599a01e) does NOT have the the new
netbios rules YET... right?

wc -l netbios.rules
5828 netbios.rules

1) How will we know when this new pack IS released?

2) Will the NEW netbios rules use the same name -- netbios.rules? Or
will I have to modify my snort.conf include statements
ie: remove
include $RULE_PATH/netbios.rules
and add
include $RULE_PATH/netbios-for-dce2.rules

3) Is the new dcerpc2 preproc backwards compatible?  Can it read the
old netbios rules? I guess if the answer to this question is yes, I
have the answer to my next question.

4) If the 2.8_s with the NEW rules have not been released, and if the
new preproc can not read the old netbios rules, doesn't that mean I
can not push out the new binary and changes to snort.conf (enable
dcerpc2 preproc) to my sensors yet?

Thanks,

Seth

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users