Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available

[Joel Esler <jesler () sourcefire com>]

What versioning in Snort rules do you all find to be acceptable?

Take into account that there is no way we can maintain every version of every build and I am committing to nothing, I 
would just like to hear some constructive ideas. 


Sent from my iPhone

On Nov 3, 2010, at 9:16 PM, "evilghost () packetmail net" <evilghost () packetmail net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > several of my projects are current stuck at 2.8.6.1 with NO WAY to move forward 
> > due to the forced updates in certain sources that snort has gone... it bites 
> > huge uglies and many of my clients are extremely upset... you don't hear it but 
> > i sure do :( :( :(
>
> I made the 2.9.0.1 jump, abandoning Paul Woods mmap libpcap 0.9.8 and using DAQ
> compiled with only AFPACKET (these are 32bitCentOS 5 boxes, I did not want to do
> the libpcap 1.0.0 song and dance).  Check the Snort mailing list, evidently
> CentOS x64 has some issues with AFPACKET.
>
> I also disabled SO rules.  AFPACKET alone seems to be doing well and all in all
> it wasn't too difficult.  There is a noticible decrease in CPU utilization,
> perhaps 30% or more.  It's difficult to attribute this to a specific action
> since so many variables changed (introduction of 2.9.0.1, AFPACKET, DAQ, and
> disabling SO rules).
>
> I do get tired of constantly feeling like I'm hurried into an update and the
> lack of fixing the http reassembly issue regarding http_inspect on 2.8.6.1 hurt
> me.  I'm constantly in a state of instability and flux because of aggressive
> (and really asinine) support schedules.  I'm now using DAQ with AFPACKET;
> something I'm not used to, and change takes a while to validate it's successful.
>
> I figured I'd offer this up to the group in the event you weren't aware you
> could compile DAQ with AFPACKET only.  Oddly enough Snort 2.9.0.1 had no issues
> compiling against libpcap-0.9.8 -- only DAQ complained.
>
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJM0gmAAAoJENgimYXu6xOH/OUP/0Uhy73zPAfXjaPN95WlZV3U
> QN4XHg+xwndw5Ee7jEXoUijwCwQlPDkg9w2V9L59od5lDxtJL1tnMyEc7cf9n2vF
> GZDBB5ZLNmLX2RMhl4QQN8vJGVKKRz4m5IDGsVWx08VMOvkeJe8C9IDmu6l0J2qg
> Z9N4FHLGWthme8XSbg2Mz+fZcCk5pxwSN5+BJv3958r9EaSC6k1uz5XF/B2DXWgC
> SqzOsuXAz9XEq9SGShgbjQ2/11P0JwOonc956kioOigUkiTsEs8cmxW1AKslmvbt
> KaFCvPwxnbo7JYQT/canfQgCvMOhgp5i9QW6TiXtoc6mm9dlVVCaeu7ro/m1CFpb
> Pq3lx4f8I43lmsrdUOGXuxqoMom+6tteV1fX1E9dqEukDep8yOvzXd+3lQvk+LLH
> lfUNDbR1i72jETA6USEOShVsi5KNJqGN2XhwV9+RH6Iti0Sw5FIsnvec0i5zYuzW
> FZ/BvJQeVDJdNyptQNbI3qWlAu2hUqyAOyIiTeixV2/9YVrNqDXAcBHzrZyGZYAm
> B5lL2lNUirb6btDvnaU2PaJqwByAcVyodeBsfOO1GeNh7+T+RfMCkVTy/AQbXPD0
> A6nqQS5fxo4Vw+wP6Xpkbly+RDeASrlZoljPqkaMofG43ECbqCD4I6VJPbrDs+3s
> KJ2opZ3O7niKxOynVZac
> =/fS9
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html

------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs