[Snort-sigs] snort rules and -CURRENT for 2.1.3

Rowland, Krisa W ERDC-ITL-MS Contractor Krisa.W.Rowland at ...2112...
Thu Jul 22 09:04:05 EDT 2004


Ok, even though no one has replied to either of us.  From earlier threads I
thought I had gathered at one point that the CURRENT rule set was sort of a
"bleeding edge" rule set, per se.  Where the rules were not the official
rules - but were used with the cvs and as a "use at your own risk" sort of
thing.  So the 2_2, 2_1, and 2_0 are the official stable rulesets.  My
question then would be - which version are these cutting edge rulesets used
for - and are they going to break my Snort if I use them with anything less
than 2.2?? 

-----Original Message-----
From: Eric Jacobsen [mailto:jacobsen at ...437...] 
Sent: Wednesday, July 21, 2004 3:59 PM
To: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] snort rules and -CURRENT for 2.1.3


Ok, no one answered me (or Krisa Rowland AFAIK) and things seems
to have gotten worse on the download page.  I'll reply to my own
message to try to solicit an official response.

The download page presently features:

snortrules-snapshot-CURRENT.tar.gz  for snort-CURRENT
snortrules-snapshot-2_2.tar.gz for Snort-2.2
snortrules-snapshot-2_1.tar.gz for Snort-2.1.x
snortrules-snapshot-2_0.tar.gz for Snort-2.0.x

However,

(1) If snort 2.1.3 rules aren't compatible with Snort 2.1.x
     where x<3, which rules are really in the 2.1 file?

(2) As others have noted, asn: rules (which appear to be
     a 2.2 only thing?) have started popping up in the 2.1
     tarball (sids 2382,2383,2578,2579 in particular).

(3) What, exactly, is snort-CURRENT now? 2.2.+ ??

The download page (and this list) could really use some
clarification.

A little help please!



Eric Jacobsen wrote:

> 
> I hate to bring up a sore subject, but a few weeks back we
> determined that:
> 
> snortrules-snapshot-CURRENT.tar.gz was for snort 2.1.3
> snortrules-snapshot-2_1.tar.gz was for snort 2.1.0 to 2.1.2
> snortrules-snapshot-2_0.tar.gz was for snort 2.0.x
> 
> If I want to set up a 2.1.3 system (now that it's official
> and not a candidate) should I be syncing from the -CURRENT
> or is that going to change to be [2.1.4 | 2.2.x] as soon as
> those betas and rcs start, and you'll spawn yet another
> snortrules-snapshot hierarchy for 2.1.3 people?
> 
> Thanks!
> 




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040722/1936c3ad/attachment.html>


More information about the Snort-sigs mailing list