Snort mailing list archives

Re: Snort Rules changelog


From: Chris Granger <chrisgrangerx () gmail com>
Date: Wed, 14 Sep 2011 15:49:29 +0000

I agree 100% and what I sent was a stupid answer that was sent
unintentionally, and was completely unrelated to the thread. My sincere
apologies for my oversight in sending it.

On Wed, Sep 14, 2011 at 2:30 PM, Joel Esler <jesler () sourcefire com> wrote:

Chris,

This is what the mailing list is for.  The thing to remember about the
power of the Snort community is that there are beginners and there are
experts.  Experts help out the beginners in order to build a stronger and
larger community.

There are no stupid questions, just stupid answers.

J

On Sep 14, 2011, at 9:25 AM, C Granger wrote:

Haha, it would drive me crazy answering dumb questions like this. They're two
different rules that work differently, you filthy monkey! I respond on
mailing list, yeah

Sent from my iPad

On Sep 14, 2011, at 9:07 AM, uri shalev <dabitter () gmail com> wrote:

Hi all,
I'm trying to understand the rules changelog:
i.e., this page -
http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_0/changes-2011-09-13.html
     • Does every line actually stand for a new, unique IPS solution
addressing the vulnerability described (under the 'New Rules')?
     • In the 'Modified Rules' section, are these existing rules that
have been improved?
     • Some of the rules address the same issues, with a slight
difference, for instance:
 * 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected
host at destination ip (botnet-cnc.rules)
 * 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound
connection (botnet-cnc.rules)


Again, do they stand for an individual solution or are they two parts of
the same protection?
Maybe I'm missing the entire concept of the rules system, I'd appreciate
it if you could help me understand it a little better.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

