Snort mailing list archives
Re: Snort version vs Snort rules version
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 11 Jan 2011 12:46:53 -0500
You are correct. I apologize. You can use OLDER versions of rules with NEWER versions of Snort.

J

On Tue, Jan 11, 2011 at 12:40 PM, NA <dustypath () comcast net> wrote:
> Sorry to belabor the point, I am thinking you mean any OLD version of rules works with any NEWER version of Snort by default (leaving out possible rule writing changes done years ago, if any, for the sake of discussion). To tighten it up further is it the recommendation or is it you HAVE to use the matching or lower version ruleset of the Snort version installed? J
>
> The reply below seems conflicted, did you mean: You can't use 2.9.0.3 rules (for example) with 2.9.0.2?
>
> Btoo
>
> On 1/11/11 8:59 AM, Joel Esler wrote:
>> No, if you are using 2.9.0.3, any version of rules will work with it. You can't use 2.9.0.2 rules (for example) with 2.9.0.3.
>>
>> J
>>
>> On Tue, Jan 11, 2011 at 11:55 AM, NA <dustypath () comcast net> wrote:
>>> Thanks, So this means major version of Snort as in 2.9 work with any 2.9xx ruleset? Would this mean there will be no issues? Would it be better to use matching versions (as in fewer hiccups, unfamiliar FPs and such)?
>>>
>>> On 1/11/11 8:27 AM, Joel Esler wrote:
>>>> You should always use the correct version of rules with the correct version of Snort. However, I see your dilemma. Let me think about this a bit and see if we can come up with a solution.
>>>>
>>>> J
>>>>
>>>> On Tue, Jan 11, 2011 at 11:16 AM, NA <dustypath () comcast net> wrote:
>>>>> Hello all,
>>>>>
>>>>> It may be obvious to many that the Snort ruleset version should match the Snort installed version but I found myself in a different situation. Concentrating on installing the latest Snort with all the other accompanying programs was my first priority. Then moving on to configuring and using Snort I found that the latest rules were subscriber only and chose to install the registered version ruleset.
>>>>>
>>>>> So this begs the question, is it a bad idea to use the latest Snort version with the registered ruleset? Is there some rule of thumb to go by to avoid problems?
>>>>>
>>>>> Thanks
-- Joel Esler Skype:eslerjoel http://blog.snort.org
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users