[Snort-devel] Suggestion for unknown keywords

Russell Fulton r.fulton at ...1343...
Wed Jan 29 12:52:02 EST 2003


On Wed, 2003-01-29 at 21:06, Frank Knobbe wrote:
> hmpf.... according to source, Snort IS tolerant and only issues a
> warning when it encounters an unknown option in a rule.
> 
> So, that means that we should be able to use Snort 2.0 rules (with any
> new keywords) on version 1.9, correct?

I switched over to using the 'current' rule set with 1.9.0 yesterday and
everything seems to be working OK.  I posted a similar message to
snort-sigs a day or so back asking what I should be doing but got no
response.

Snort Developers: Hey guys (and gals?) it really is a bit rude not to
maintain rule sets for the current production version of snort.
Particularly when version 2.0 isn't in beta yet. (When it goes into beta
I will switch one of my machines to it).

I know you are focused on development of 2.0 but keeping the production
system useful is also important.  

Would it help if volunteers checked new rules and resubmitted them for
the stable rule set.  I'd be happy to help with that.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin





More information about the Snort-devel mailing list