Re: utoh... 2.8.6.1 is out but what about the rules files??

[Joel Esler <jesler () sourcefire com>]

On Jul 25, 2010, at 11:53 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 7/25/2010 17:13, Joel Esler wrote:
> > On Jul 25, 2010, at 3:37 PM, waldo kitty wrote:
> > >
> > I am guessing that since the 2861 rules just came out, that the registered user people have to wait 30 days.
>
> that's probably a good guess... however, as we can see, it causes problems and, 
> ideally, i current copy of the latest registered user rules for that version 
> should be created so that this kind of thing doesn't happen and "we", inclusive, 
> don't get flooded with complaints like this ;)

We did that as a one time thing when 2.8.6.0 came out to get people to upgrade. We can't be giving the subscribers 
rules out early to registered users every time we upgrade. 



> > > the ones they should be using for snort 2.8.6.1 with oinkmaster are
> > >
> > > http://www.snort.org/pub-bin/oinkmaster.cgi/*OINKCODE*/snortrules-snapshot-2861.tar.gz
> > >
> > > OR (for paying vrt subscribers)
> > >
> > > http://www.snort.org/pub-bin/oinkmaster.cgi/*OINKCODE*/snortrules-snapshot-2861_s.tar.gz
> >
> > No.
>
> FWIW: these two formats are the ones that i've complained about not being 
> depicted in the blog and other places where the two new format examples are 
> given... i can only assume that one of those examples, the one with 2.8.6 as the 
> version, were given so as to demonstrate the trailing zero padding necessary... 
> but none of them discuss or show that the oinkmaster users need not change 
> anything... in fact, several posts alert oinkmaster users to make changes that 
> won't/don't work :?

We've put out corrected information. 


> > > speaking of which, can you say if the above old oinkmaster format with the "_s"
> > > after the version number still works? i have no way to test it (currently) and
> > > have not found anyone who it s paying vrt subscriber that uses our environment
> > > who is willing to test this code... i'm sure they'll start popping out of the
> > > woodwork when it is released and fails, though :? :(
> >
> > You don't need the _s anymore at all.  Sourcefire takes care of who is subscriber and who is registered on our side, 
> > just by looking at your oinkcode.
>
> ok... you and i had exchanged emails on this but i never heard back from you on 
> the last exchange where you asked me to specifically test this... i will make 
> the necessary adjustments to the code we are using and pass this info on to 
> others on the non-FOSS side of the fence so that they are aware of it

I wrote information about the not-needing of the _s on the mailing list.  

J

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users