[Snort-sigs] Bleeding Snort updates and a new ruleset
matt at ...2436...
Tue Dec 14 17:45:01 EST 2004
The custom ruleset we enabled a week or so ago was orogonally just a
grep of all rules that had been disabled by default. The idea was to
give folks a way to easily look at everything that's disabled and decide
if they want to use it themselves. There was a lot of interest there,
and some new rules that do need that consideration. So we're turning it
into a real ruleset. That's done now. You'll need to add to your snort.conf:
Unless you're just running the full ruleset. These will all be disabled
by default. You can view what's there now at
We will be slowly moving more of the disabled rules there as we go. The
goal being that every rule in other rulesets is active and safe to use
by default. Anything that can't fit that criteria will move to the
custom set where you'll have to take a look yourself.
You'll see a lot of junk in today's update, ignore most of it, that
reflects the change here.
Feedback welcome as always.
More information about the Snort-sigs