[Snort-sigs] snort-rules CURRENT update @ Mon Jan 27 06:25:07 2003
erek at ...95...
Tue Jan 28 07:19:02 EST 2003
On Mon, 27 Jan 2003, Bennett Todd wrote:
> This worries me. I thought CURRENT was the cvs head, i.e. an
> unstable alpha release, not recommended for production. Am I wrong
> on that?
Nope. You're right on the money.
> If I'm not wrong on that, then I'd think that production releases
> would profit greatly, possibly more than alpha releases, from timely
> signature updates.
I can only speak for myself on this, but unless there's been a new rule
keyword, feature, or change between STABLE and CURRENT, then I feel more
than safe pulling the CURRENT CVS rules and using them. You may not feel
safe doing that, or your corporate policy may not permit it, but it's a
possibilty to consider.
> Should we (production users of snort) be committing to doing our own
> active and aggressive maintenance of our own signatures to track new
> things --- like e.g. worm-of-the-week signatures?
> If so, this would seem to be something affecting enough people that
> maybe it'd be worth trying to assemble a group to share the labor of
> such maintenance.
Agreed! :) Have a look at this: http://www.snort.org/snort-db/help.html
That's a copy of an email that Brian sent out a while back asking for
folks to contribute sigs and info about them into the DB.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-sigs