Snort mailing list archives

Re: recent vrt updates disable many rules (web-iis, web-cgi, web-misc etc)


From: Alex Kirk <akirk () sourcefire com>
Date: Sun, 25 Apr 2010 22:47:36 -0400

The VRT has been conducting reviews of the default policies of late - both
those included in the metadata fields and the implied policies of commented
out vs. not commented out. There are a number of rules that, in their time,
were very useful, but are no longer, due to their age - many of these rules,
for example, were for vulnerabilities 5 or more years old. Given that
running a tighter, more focused ruleset is likely to produce more useful
alerts, and given that a number of users simply accept the VRT defaults
without much further thought, we decided it was best to turn off some of our
older rules, where the probability of a successful attack has become
exceedingly low.

Anyone who wants these rules, of course, is free to turn them right back on.
That's the beauty of running your own IDS - you need not accept the VRT's
judgments as your own if you don't want to.

On Sun, Apr 25, 2010 at 3:53 AM, monitz <mmonitz () gmail com> wrote:

Hello,
I have noticed that the recent VRT update (08 April, I think) comments out
many sigs.
I cannot find an announcement or explanation for this.

Does anyone have any idea why this happens?



------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com