Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Recent Rule Changes

From: JJC <cummingsj () gmail com>
Date: Thu, 1 Jul 2010 08:52:58 -0600
While you can use the sub-rules or the reg-rules, the system (in either
case) will give you the rules that you have access to.. if you are a
registered user then you will receive the registered user ruleset.. if,
however, you are a subscriber then you will receive the subscriber ruleset
regardless of the sub-rules or reg-rules.

On Thu, Jul 1, 2010 at 8:08 AM, John York <YorkJ () brcc edu> wrote:


Joel allegedly said:

Date: Wed, 30 Jun 2010 18:43:50 -0400
From: Joel Esler <jesler () sourcefire com>
Subject: [Snort-sigs] Recent Rule Changes


<snip>


For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort

2.8.5.3, the download links >would look as

follows:



Subscriber Release
http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
http://www.snort.org/sub-rules/snortrules-snapshot-2853.tar.gz/OINKCODE



Registered User Release
http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/OINKCODE



You will notice in the above urls the difference in between the two

"sub-rules" vs. "reg-rules".  >You will also notice something else, we no
longer have "_s" in the URL anymore.  Many people were >getting confused in
the difference, and we wanted to clear that up by changing the URL easier to

recognize.


<snip>

I've been troubleshooting other problems I'm having downloading rules with
pulledpork.  Either I'm misunderstanding the thread that tells what the new
url's are, I'm misreading the pulledpork 0.4.2 perl code, or pulledpork has
a bug.  It looks to me that it always downloads reg-rules, and doesn't have
any way in the config file to specify reg-rules or sub-rules...

Thanks
John


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: