Snort mailing list archives
Re: Snort Rules changelog
From: Chris Granger <chrisgrangerx () gmail com>
Date: Wed, 14 Sep 2011 15:49:29 +0000
I agree 100% and what I sent was a stupid answer that was sent unintentionally, and was completely unrelated to the thread. My sincere apologies for my oversight in sending it.

On Wed, Sep 14, 2011 at 2:30 PM, Joel Esler <jesler () sourcefire com> wrote:
Chris,

This is what the mailing list is for. The thing to remember about the power of the Snort community is that there are beginners and there are experts. Experts help out the beginners in order to build a stronger and larger community. There are no stupid questions, just stupid answers.

J

On Sep 14, 2011, at 9:25 AM, C Granger wrote:

Haha it would drive me crazy answering dumb questions like this. They're two different rules that work differently, you filthy monkey! I response on mailing list yeah

Sent from my iPad

On Sep 14, 2011, at 9:07 AM, uri shalev <dabitter () gmail com> wrote:

Hi all,

I'm trying to understand the rules changelog: i.e., this page - http://www.snort.org/vrt/docs/ruleset_changelogs/2_9_1_0/changes-2011-09-13.html

• Does every line actually stand for a new, unique IPS solution addressing the vulnerability described (under the 'New Rules')?
• In the 'Modified Rules' section, are these existing rules that have been improved?
• Some of the rules address the same issues, with a slight difference, for instance:

* 1:20097 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir infected host at destination ip (botnet-cnc.rules)
* 1:20096 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Agent.dcir outbound connection (botnet-cnc.rules)

Again, do they stand for an individual solution or are they two parts of the same protection?

Maybe I'm missing the entire concept of the rules system, I'd appreciate it if you could help me understand it a little better.
Current thread:
- Snort Rules changelog uri shalev (Sep 14)
- Re: Snort Rules changelog Alex Kirk (Sep 14)
- Re: Snort Rules changelog C Granger (Sep 14)
- Re: Snort Rules changelog Joel Esler (Sep 14)
- Re: Snort Rules changelog Chris Granger (Sep 14)
- Re: Snort Rules changelog Joel Esler (Sep 14)