[Snort-sigs] Whitehats rules versus Snort.org rules

Matt Kettler mkettler at ...189...
Thu Oct 2 11:10:09 EDT 2003


At 05:15 AM 10/2/2003, Jukka Juslin wrote:
>The question: do you think whitehats rules still bring considerable added
>value? I wouldn't see any reason, why whitehats.com rules wouldn't go into
>snort.org fast enough - if they are indeed good?

The whitehats rules have not been maintained for a VERY long time. Note 
that vision18.conf.gz is for snort 1.8.x and vision.conf.gz is for snort 
1.7x. This should immediately give you an idea just how old these rulesets 
are.

A more accurate measure of how well maintained they are can be had by 
looking inside the .gz file. Vision18.conf was last modified 8/21/2001. 
It's been over 2 years since any rules were added to that ruleset. It was 
last updated a mere 1 month after the Code Red worm outbreak.

Until the author of that ruleset is able to work on the ruleset again, 
consider the vision ruleset to be dead, and really only an archive of past 
work for historical interest.

End of story. 
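
One way to run the age check described in the message above without unpacking the archive, as an added example that is not part of the original post: the gzip header (RFC 1952) records the original file's name and modification time. The function names are hypothetical and the sample archive is constructed in memory, with its timestamp set to the date quoted in the message.

```python
import gzip
import io
import struct
from datetime import datetime, timezone

FEXTRA, FNAME = 0x04, 0x08  # header flag bits defined in RFC 1952

def gzip_header_info(data: bytes):
    """Return (original_name, modified_utc) read from a gzip header."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    method, flags, mtime = struct.unpack("<BBI", data[2:8])
    if method != 8:
        raise ValueError("unknown compression method")
    pos = 10  # fixed header: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:  # optional extra field comes before the name
        if len(data) < pos + 2:
            raise ValueError("truncated FEXTRA")
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        pos += 2 + xlen
    name = None
    if flags & FNAME:  # zero-terminated Latin-1 file name
        end = data.find(b"\x00", pos)
        if end < 0:
            raise ValueError("truncated FNAME")
        name = data[pos:end].decode("latin-1")
    # MTIME == 0 means the compressor recorded no timestamp
    modified = datetime.fromtimestamp(mtime, timezone.utc) if mtime else None
    return name, modified

def ruleset_age_days(data: bytes, as_of: datetime):
    """Days between the header timestamp and as_of (None if no timestamp)."""
    name, modified = gzip_header_info(data)
    return name, None if modified is None else (as_of - modified).days

def build_sample(ts: int) -> bytes:
    """Constructed sample: a tiny archive whose header mimics a ruleset file."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="vision18.conf", mode="wb",
                       fileobj=buf, mtime=ts) as f:
        f.write(b"# constructed placeholder content, not real rules\n")
    return buf.getvalue()

if __name__ == "__main__":
    stamp = int(datetime(2001, 8, 21, tzinfo=timezone.utc).timestamp())
    posted = datetime(2003, 10, 2, tzinfo=timezone.utc)  # date of the message
    print(ruleset_age_days(build_sample(stamp), posted))
```

The header timestamp is whatever the compressor wrote, so treat it as a hint about maintenance rather than proof.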




