Re: Detecting w3af scans

[waldo kitty <wkitty42 () windstream net>]

On 09/30/2015 11:45 AM, Bruno PEPPER wrote:
> Hi,
>
> I am running snort (2.9.6.0 GRE (Build 47)) on ubuntu 14.04 in the IDS mode along with ET rules for 2.9

snort 2.9.6.2 is the oldest snort supported these days... there's also 2.9.7.3, 
2.9.7.5 and the newly released 2.9.7.6 that are available...

if you're pulling from a repo, it might be best to see if there's an up-to-date 
PPA available... if not, the recommendation is basically to get the code and 
build your own from the sources... that way you can stay up to date and keep up 
with the snort release policy which moves a lot faster than that available in 
most *nix release update repos...

make sure you keep up with the https://www.snort.org/eol page to see which 
snorts are still supported and have rules being updated for them...

the eol page doesn't even show 2.9.7.6 on it, at the time of this message 
posting, and the rules for registered users for 2.9.7.6 are not yet available...

2.9.7.3 support goes away on 2015 Oct 20 according to the EOL page...

when a snort goes EOL, there's no more rules updates for them and the last set 
of rules is removed... i /think/ the last set may be available for 30 days if 
you are a registered user... i'm not sure about paying subscribers' access to 
old rules, though...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!