Snort mailing list archives
Re: [Emerging-Sigs] [Snort-Sigs] Re: [Snort-sigs] Snort 2.8.6.1 EOL Reminder
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 2 Dec 2011 14:50:04 -0500
On Dec 2, 2011, at 2:35 PM, Matthew Jonkman wrote:
Ya, we went through all this for a while, and for a number of reasons (of which I recall a few I'll put below) we decided it'd be easier to fork. I did not realize though that you maintain the old community rules in the vrt tarball. Is that really so?
Of course. Our detection is continually updated and it will continue to be updated with new features when we are rolling them out. We have plans for the future that may affect a vast majority of these rules.
Reasons I recall for the fork though:
1. Any changes vrt makes aren't public for 30 days. We don't want to wait there, or have to be pulling and picking apart the vrt tarball every release to find them.
2. We support many more versions of snort, and we have to maintain the older versions as they were, which makes all sorts of admin headaches when they change to new versions only in the vrt version
Which is one of the many reasons why we don't. We build features into Snort for a reason, to make detection better and easier. We believe that supporting old versions is incorrect and is like Microsoft continuing to support NT forever. It's just bad business.
4. I can't recall an example at the moment, but there may be cases where we want to set a flowbit for an ET rule in a gpl sig, which I imagine VRT wouldn't want to maintain if they didn't have the rule which checks it
It isn't any insult that we moved them, don't take it that way.
No. I was one of the advocates for you moving them if you remember correctly. We can't have other people using our SIDs. It's bad enough we have different detection with same "pseudo" sid.
J