Snort mailing list archives
Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 21:48:40 -0400
What versioning in Snort rules do you all find to be acceptable? Take into account that there is no way we can maintain every version of every build and I am committing to nothing, I would just like to hear some constructive ideas.

Sent from my iPhone

On Nov 3, 2010, at 9:16 PM, "evilghost () packetmail net" <evilghost () packetmail net> wrote:
several of my projects are currently stuck at 2.8.6.1 with NO WAY to move forward due to the forced updates in certain sources that snort has gone... it bites huge uglies and many of my clients are extremely upset... you don't hear it but i sure do :( :( :(

I made the 2.9.0.1 jump, abandoning Paul Woods mmap libpcap 0.9.8 and using DAQ compiled with only AFPACKET (these are 32-bit CentOS 5 boxes, I did not want to do the libpcap 1.0.0 song and dance). Check the Snort mailing list, evidently CentOS x64 has some issues with AFPACKET. I also disabled SO rules. AFPACKET alone seems to be doing well and all in all it wasn't too difficult.

There is a noticeable decrease in CPU utilization, perhaps 30% or more. It's difficult to attribute this to a specific action since so many variables changed (introduction of 2.9.0.1, AFPACKET, DAQ, and disabling SO rules).

I do get tired of constantly feeling like I'm hurried into an update and the lack of fixing the http reassembly issue regarding http_inspect on 2.8.6.1 hurt me. I'm constantly in a state of instability and flux because of aggressive (and really asinine) support schedules. I'm now using DAQ with AFPACKET; something I'm not used to, and change takes a while to validate it's successful.

I figured I'd offer this up to the group in the event you weren't aware you could compile DAQ with AFPACKET only. Oddly enough Snort 2.9.0.1 had no issues compiling against libpcap-0.9.8 -- only DAQ complained.
-evilghost