Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintains them? Nobody?
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Mon, 21 Mar 2011 20:13:23 -0400
On Mon, 21 Mar 2011 19:05:35 -0400, waldo kitty wrote:
> On 3/21/2011 14:00, Nigel Houghton wrote:
> > I see. In that case, ET should act as an end-user, copy the rule to another file, give it a new SID and leave the original alone and disabled in the rule file. If the change is appropriate, send the suggested modification along to us and we will handle it.
>
> and herein is the crux of the apparent problem... why "you" (inclusive and apparently meaning VRT)... why not ET? especially since they are, at least, willing to provide the rules in a format that older snorts can handle and properly detect the traffic in question??
>
> who owned them to start with? who maintained them to start with? why are they now as they are?

The original distribution point is snort.org, the original distributors are the Snort team and after its inception, Sourcefire (in fact, when Sourcefire started the rule sids hadn't yet gotten much past 1000, and most of those are now deleted). IIRC, when I started at Sourcefire in 2002, we were somewhere around the 1300 mark.

So, if it's original distributor you want, then it's Sourcefire, that's "why not ET".

You also omitted further relevant information from my email that is:

"In the case of the modification being needed for a currently supported version of Snort, the rule will get the update for each version (see #2). In the case of older, non-supported versions, the rule can remain where it is and any modification distributed for that version of Snort as the maintainer sees fit. Since we do not maintain rules for outdated versions of Snort, there will be no SID conflict. This is a pretty simple process that merely relies on feedback to incorporate suitable changes with minimal impact on the end-user."

And for your convenience, here is the #2 in question again:

"2. False positive/negative content match change or addition of content match to improve detection. In this instance the rule gets modified for all currently supported versions of Snort and the rev for each rule is bumped. For folks who are running non-supported versions, this modification should be done by whoever wants to maintain the rules for those older sets and the rev bumped accordingly. Since rules for specific versions of Snort should be shipped in separate packages, this should not impose a problem."

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/