Snort mailing list archives
Re: var or ipvar?
From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 28 Jan 2013 21:28:21 -0500
On 1/28/2013 15:49, Joel Esler wrote:
On Jan 28, 2013, at 3:36 PM, waldo kitty <wkitty42 () windstream net <mailto:wkitty42 () windstream net>> wrote:On 1/28/2013 15:10, Joel Esler wrote:Ipvar, for ips. Portvar for ports.i love bikini answers! short and to the point ;)Sorry, was on my iPad.
not a problem, really ;)
but in this case, i'm needing a bit more information, please... ipvar was started being used for IPv6 at what version of snort?Um. I want to say 2.6.0?
maybe something after 2.8.6.1?
ipvar was started being used for both IPv4 and IPv6 at what version of snort?You've always been able to use both. What you haven't been able to do is use var for ipv6 addresses. 2.9.3.0 enabled ipv6 by default, and 2.9.4.0 removed the separate code paths.
ok...
var was no longer for IPv4 used at what version of snort?It always has been. But we've eliminated the difference now.
as of 2.9.4.0... ok...
and lastly this question from the previous post... will older snorts fall over because of ipvar being introduced into their environment before they are ready for it?If it's not compiled with --enable-ipv6, yes. But if you compiled ipv6 in, you should be good to go.
older versions (ie: 2.8.6.x) of snort didn't have --enable-ipv6 as i recall... so ok, any unknown keywords will elicit a fail when starting snort... i'll have to check with those who are endeavoring to provide OOB (Out of Band) updates for our environment and see what specific options they are compiling their releases of snort with... thank you and my apologies if some of my posts in this thread are a bit frustrated sounding... it is a really ugly situation and causing problems... moreso than just not being able to download the current set of rules 30 days old and such... that particular "catch 22" still seems like it should be a rolling 30 days thing... ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Nicholas Bogart (Jan 28)
- Re: var or ipvar? Joel Esler (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Joel Esler (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Joel Esler (Jan 28)
- Re: var or ipvar? Nicholas Bogart (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- <Possible follow-ups>
- Re: var or ipvar? Y M (Jan 28)
- Re: var or ipvar? Nicholas Bogart (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Joel Esler (Jan 28)
- Re: var or ipvar? Nicholas Bogart (Jan 28)
- SNORT compilation in ECLIPSE patricio (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Todd Wease (Jan 28)
- Re: var or ipvar? waldo kitty (Jan 28)
- Re: var or ipvar? Todd Wease (Jan 29)