Snort mailing list archives

Re: Snort 2.9.0 Now Available


From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 5 Oct 2010 12:12:36 -0400

On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 10/5/2010 08:32, Russ Combs wrote:

On Mon, Oct 4, 2010 at 10:52 PM, waldo kitty <wkitty42 () windstream net> wrote:

    the only libnet i find anywhere in our basic source directories seems to be
    win32 related for some package(s) we use that support that environment... since
    we're a *nix based environment, that one doesn't do us any good...

libnet is a library.  You may have installed it from a binary package or built
it from a source package but it is not part of the Snort source tree.

as written above, there is no libnet in use at all in the product i'm working
with... there's no libdnet, either... we've simply never had a need for either...


OK - libnet was only required for inline builds.  I'm looking into a change
that may obviate dnet for Snort when active response is not configured.


     >     AFAIK, we don't use DAQ in our setup... pcap seems to be what we use
[TRIM]
     >
     > With 2.9.0, you *must* use the DAQ.  By default, you will wind up using a pcap
     > DAQ, but the DAQ is a separate package that must be installed.  This is new for
     > 2.9.0.

    ugh! when does the madness end? :lol: i'll have to see if i can hunt up the
    archive for that... hopefully it is available at
    http://www.snort.org/ports/snort-current/

You can find it here, along with Snort: http://www.snort.org/snort-downloads.

i'd rather find it in a place that is automation and script friendly... that web
page link is not :?


This is another issue worth sending to the web site maintainers.


     > Also, the NFQ and IPQ DAQs require libdnet, but so does Snort 2.9.0.

    this begs the question of why DAQ wasn't included in the 2.9.0 archive so that
    one only need grab that one archive, untar it and DAQ be available in the 2.9.0
    source tree... it sure would make things a *lot* easier :?

It would make things a tad easier for Snort installs but the DAQ is a generic
solution to packet acquisition problems and is packaged separately so that it
may find a life of its own.

that's understandable... to a point... i can't count the numbers of times that
i've included other packages in my releases that are standalone that my release
required for operation... it just made sense to "make it as easy as possible"...
it certainly didn't take away from the separation of the packages or their
individuality ;)

    this release really should be 3.something instead of 2.9 with changes like
    these... but all we can do is either keep trying to move forward or dump snort
    in the bitbucket and find something else :? that's not my call so all i can do
    is try to keep beating snort into submission in my environment... it may very
    well turn out that it gets dumped if we can't get 2.9.0 working and especially
    if the rules updates get EOLed and leave our users with no rules to use...

If you want to roll your own, I recommend you start with the DAQ ...  :)

hehehehehe, that's funny :)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users