[Snort-sigs] If You're Using Bleeding Snort Rules Read This!!

Joel Esler eslerj at ...2420...
Thu Jun 9 02:46:44 EDT 2005


Wouldn't it be just as efficient to add  "any" instead of "$SSH_PORTS" 
or whatever the var is?  I mean.. really..  I think that settles the 
whole document.  On the other hand, I would recommend turning "var"s 
over to either OSSRC or sourcefire themselves.  It's their product!  
They should build it into the snort.conf that comes with it if it's 
that big a deal for a few rules.

I'd much rather go with the "any" statement.

J


On Jun 9, 2005, at 12:37 AM, Frank Knobbe wrote:

> On Wed, 2005-06-08 at 23:29 -0500, Eric Maheo wrote:
>> I think OSSRC should also be the provider of VARIABLES.
>
> LOL!!  How is that different? If OSSRC adds a variable, and you still
> don't pay attention, you still have the same shit hitting the same fan.
>
> Get a clue. You dropped the ball. Suck it up and get over it. That's
> hardly a topic to keep alive on a list dealing with sigs.
>
> -Frank
>





More information about the Snort-sigs mailing list