Snort mailing list archives

Re: flowbits: netsenum


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 31 May 2013 11:22:37 -0400

On 5/31/2013 11:02, Joel Esler wrote:
On May 30, 2013, at 8:18 PM, waldo kitty <wkitty42 () windstream net> wrote:

The vast majority of SO rules you can download the source for (it's included in
the tarball) and compile on your own machine.

thanks for the clarification! things didn't used to be this way but now that
things have changed, it may be easier for us to provide the SO rules for our
limited and closed environment... it is something that i will endeavor to dig
into more and see what is what :)

We started putting all rules out as "open" two years ago.

ahhh... shows how long ago it was that i stopped fighting that particular battle ;)

oh... uhhh... to implement SO rules, that means that one has to have compiling 
capability installed on the system, right? in a secure firewall environment, 
that's not going to fly at all... it gives much too much capabilities if someone 
does happen to get into the machine... weekly updates of the rules are currently 
implemented for those that choose to use that capability... others must update 
their rules manually... hummm... how to provide for SO rules usage in such an 
environment?


FWIW: i don't recall seeing an announcement concerning the above SO rules being 
"open" in any of the snort-* lists but i might easily have missed it... i rarely 
visit "blogs" and i don't "do" RSS feeds... generally speaking, if i can't get 
it in email, i don't get it at all... not being ugly there... just honest... i 
spend close to 85% of my time in email (like this) unless i'm coding which then 
takes %1000 of my time ;) the other %15 of my time when i'm not coding may be 
spent visiting a few special interest web sites, testing software or maintaining 
the systems under my control...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
