Re: SnortSam Discussion was: RulePack update and End of Life of 2.8.6.0

[Joel Esler <jesler () sourcefire com>]

On Thu, Jan 27, 2011 at 4:11 PM, Michael Scheidell <
michael.scheidell () secnap com> wrote:

>  On 1/6/11 3:39 PM, Joel Esler wrote:
>
> Okay, so the feature set you are looking for is the ability to block using
> an external firewall, is that correct?
>
>  You can't do the time based blocking from within Snort itself? (need to
> be inline)
>
>  I also need snort sam patches for snort 2.9*.

Well, I can't help you there.



> and you might want to check with wfreeman who will be maintaining snort for
> freebsd (I think)
Yes he will.  Maybe I'm too far out of this thread to realize why I need to
check with him though?


> for freebsd, its critical:  not only for the distributed firewall issue as
> Matt said, but, since freebsd snort-inline port is stuck at 2.8.4, its the
> only game in town.

snort-inline, I believe, is dead.  Will?


> (and as we know, there were those packet loss issues with 2.8.6.1 that you
> want us to upgrade to.. and, once you go past 2.9.1, we won't be able to get
> 2.8.6.1 VRT rules anymore)

2.9.1 + 90 days.  You've got awhile.

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users