Snort mailing list archives
Re: recent vrt updates disable many rules (web-iis, web-cgi, web-misc etc)
From: Alex Kirk <akirk () sourcefire com>
Date: Sun, 25 Apr 2010 22:47:36 -0400
The VRT has been conducting reviews of the default policies of late - both those included in the metadata fields and the implied policies of commented out vs. not commented out. There are a number of rules that, in their time, were very useful, but are no longer, due to their age - many of these rules, for example, were for vulnerabilities 5 or more years old.

Given that running a tighter, more focused ruleset is likely to produce more useful alerts, and given that a number of users simply accept the VRT defaults without much further thought, we decided it was best to turn off some of our older rules, where the probability of a successful attack has become exceedingly low.

Anyone who wants these rules, of course, is free to turn them right back on. That's the beauty of running your own IDS - you need not accept the VRT's judgments as your own if you don't want to.

On Sun, Apr 25, 2010 at 3:53 AM, monitz <mmonitz () gmail com> wrote:
Hello, I have noticed that the recent VRT update (08 April, I think) comments out many sigs. I cannot find an announcement or explanation for this. Does anyone have any idea why this happens?

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
--
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
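
The thread turns on rules changing from active to commented out between ruleset updates. The following is an added example, not part of the original messages and not VRT tooling: it compares two versions of a rules file, lists the SIDs that an update newly commented out, and re-enables only a chosen subset. The rule text, the SIDs and the function names are constructed for illustration.

```python
import re

# Rule line, optionally commented out; group 1 is the leading '#' if present.
RULE_RE = re.compile(r'^\s*(#\s*)?((?:alert|log|pass|drop|reject|sdrop)\s.*)$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

# Constructed sample rule files (placeholder SIDs in the local range).
OLD = '''\
alert tcp any any -> any 80 (msg:"EXAMPLE rule A"; content:"/a"; sid:1000001; rev:1;)
alert tcp any any -> any 80 (msg:"EXAMPLE rule B"; content:"/b"; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE rule C"; content:"/c"; sid:1000003; rev:1;)
'''
NEW = '''\
# alert tcp any any -> any 80 (msg:"EXAMPLE rule A"; content:"/a"; sid:1000001; rev:2;)
alert tcp any any -> any 80 (msg:"EXAMPLE rule B"; content:"/b"; sid:1000002; rev:1;)
# alert tcp any any -> any 80 (msg:"EXAMPLE rule C"; content:"/c"; sid:1000003; rev:1;)
# free-text comment mentioning sid:1000002; is not a rule and is ignored
'''

def parse_rules(text):
    """Map sid -> True (active) or False (commented out) for every rule line."""
    state = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        sid = SID_RE.search(line) if m else None
        if sid:
            state[int(sid.group(1))] = m.group(1) is None
    return state

def newly_disabled(old_text, new_text):
    """SIDs active in the old file but commented out in the new one."""
    old, new = parse_rules(old_text), parse_rules(new_text)
    return sorted(s for s, on in old.items() if on and new.get(s) is False)

def reenable(text, sids):
    """Uncomment only the rule lines whose sid is in `sids`."""
    out = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        sid = SID_RE.search(line) if m else None
        if m and m.group(1) and sid and int(sid.group(1)) in sids:
            line = m.group(2)  # rule text without the leading '#'
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    changed = newly_disabled(OLD, NEW)
    print("newly disabled:", changed)
    print(reenable(NEW, set(changed)), end="")
```

Rules that were already commented out before the update (rule C here) are left alone, so only a deliberate choice brings a rule back.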