[Snort-devel] Snort 2.4 Released!

M. Shirk shirkdog_list at ...445...
Wed Aug 3 10:00:16 EDT 2005


Scratch my question (snort.conf conversion from 2.3 to 2.4 was missing 
community and bleeding snort rules and not your problem and my DFO for Dumb 
f****** operator) :-)

Shirkdog
http://www.shirkdog.us



>From: "M. Shirk" <shirkdog_list at ...445...>
>To: roesch at ...402..., protocoljunkie at ...2499...
>CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>Subject: Re: [Snort-devel] Snort 2.4 Released!
>Date: Wed, 03 Aug 2005 12:24:25 -0400
>
>YEAH, I am not the only one. I am on stable OpenBSD 3.7
>
>I was able to compile, but I needed to adjust PATH to include /usr/local/bin 
>and /usr/local/sbin, and I had to get the binary packages for 
>automake, autoheader, autoconf, aclocal.  I then did a CVS checkout and ran 
>autojunk.sh (edited to work on OpenBSD with the bins in /usr/local/bin). 
>Adding --with-libpcre-includes/libraries to my ./configure, I was able to 
>compile 2.4.
>
>After seeing this email, I took a tarball I downloaded and I was able to 
>compile this time (with the changes from above).
>
>One thing of note, in OpenBSD 3.7, and -current, they switched to GCC-3.3.5
># gcc -v
>Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd3.7/3.3.5/specs
>Configured with:
>Thread model: single
>gcc version 3.3.5 (propolice)
>#
>
>
>
>Question: I noticed that in 2.3.3, if I was using http_inspect, that I 
>would get pattern matches as well as the preprocessor alerts. Since running 
>2.4.0, when the RBOT HTTP garbage hits my sensor, http_inspect is firing 
>its oversized_uri alert, but I no longer get the bleeding snort rules that 
>should trigger on this (also the mod_jrun community rule). Is this an 
>optimization to not pattern match when the preprocessor can handle the 
>traffic? (which is cool), or something else?
>
>Shirkdog
>http://www.shirkdog.us
>
>
>
>>From: Martin Roesch <roesch at ...402...>
>>To: M Raju <protocoljunkie at ...2499...>
>>CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>Subject: Re: [Snort-devel] Snort 2.4 Released!
>>Date: Wed, 3 Aug 2005 10:41:08 -0400
>>
>>Hi Raju,
>>
>>I'm checking it out.  I did a test build on OpenBSD 3.4 before shipping, 
>>let me see if a problem slipped in there someplace...
>>
>>      -Marty
>>
>>
>>On Aug 3, 2005, at 7:55 AM, M Raju wrote:
>>
>>>Marty,
>>>  Just wanted to let you know that 2.4 compile on OpenBSD-current
>>>fails. Not sure if any builds were tested on OpenBSD (I am setting up
>>>a 3.7-stable box to see if it is an OBSD issue). I know you were working
>>>on RH9 rpms (yikes!), but perhaps *BSD were not added for 2.4 testing?
>>>Thanks.
>>>
>>>_Raju
>>>
>>>-
>>>
>>>local/include -DLIBNET_BSDISH_OS -DLIBNET_LIL_ENDIAN  -g -O2 -Wall -c
>>>spp_stream4.c
>>>spp_stream4.c: In function `DeleteSession':
>>>spp_stream4.c:3661: error: `FLUSH_DELAY' undeclared (first use in this function)
>>>spp_stream4.c:3661: error: (Each undeclared identifier is reported only once
>>>spp_stream4.c:3661: error: for each function it appears in.)
>>>*** Error code 1
>>>
>>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors.
>>>*** Error code 1
>>>
>>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors (line 285 of Makefile).
>>>*** Error code 1
>>>
>>>Stop in /usr/local/src/snort-2.4.0/src (line 334 of Makefile).
>>>*** Error code 1
>>>
>>>Stop in /usr/local/src/snort-2.4.0 (line 303 of Makefile).
>>>*** Error code 1
>>>
>>>Stop in /usr/local/src/snort-2.4.0 (line 180 of Makefile).
>>>
>>>
>>>On 7/28/05, Martin Roesch <roesch at ...402...> wrote:
>>>
>>>>Nothing sinister, just dropped the ball between Jeremy leaving and me
>>>>picking things up.  I'll take a look and get them in shortly if I can.
>>>>
>>>>       -Marty
>>>>
>>>>
>>>>On Jul 28, 2005, at 6:46 PM, Erik de Castro Lopo wrote:
>>>>
>>>>
>>>>>On Thu, 28 Jul 2005 11:50:34 -0400
>>>>>Jennifer Steffens <jennifer.steffens at ...402...> wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Hey Everyone,
>>>>>>
>>>>>>Snort v2.4 is now officially available. This release includes a
>>>>>>number
>>>>>>
>>>>>>
>>>>>
>>>>><snip>
>>>>>
>>>>>
>>>>>
>>>>>>If you have any feedback, let us know - snort-team at ...2780...
>>>>>>
>>>>>>
>>>>>
>>>>>I was rather disappointed that the two patches I sent in:
>>>>>
>>>>>      http://www.webservertalk.com/message1053302.html
>>>>>      http://sourceforge.net/mailarchive/forum.php?thread_id=7172477&forum_id=7142
>>>>>
>>>>>have not been applied. Both are small, localised, easily
>>>>>verifiable changes.
>>>>>
>>>>>Have these been dropped by mistake or were they rejected for some
>>>>>other reason?
>>>>>
>>>>>Erik
>>>>>--
>>>>>-------------------------------------------------------
>>>>>[N] Erik de Castro Lopo, Senior Computer Engineer
>>>>>[E] erik.de.castro.lopo at ...2292...
>>>>>[W] http://www.sensorynetworks.com
>>>>>[T] +61 2 83022726
>>>>>[F] +61 2 94750316
>>>>>[A] L6/140 William St, East Sydney NSW 2011, Australia
>>>>>-------------------------------------------------------
>>>>>"Premature optimization is the root of all evil" - C.A.R.Hoare
>>>>>"If it doesn't work, don't optimize." - Christian Bau
>>>>>
>>>>>
>>>>>
>>>>
>>>>--
>>>>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>>>>Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>Snort-devel mailing list
>>>>Snort-devel at lists.sourceforge.net
>>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>
>>>>
>>>
>>>
>>>--
>>>May the packets be with you.
>>>
>>>
>>
>>--
>>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>>Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>>
>>
>>
>>
>>
>
