[Snort-sigs] RE: Proposal for a distributed "bleeding.conf"

Paul Schmehl pauls at ...1311...
Thu Jun 9 08:53:50 EDT 2005


--On Thursday, June 09, 2005 08:27:59 -0500 Eric Hines 
<eric.hines at ...1663...> wrote:
>
> I can see two courses of action to prevent this in the future:
>
> 1) In the rule submission page at bleeding-edge, limit variable selection
> to only those standard variables found in the official snort.conf file
> that the user must adhere to.
>
> 2) Create the bleeding-edge snort.conf file and distribute it with the
> tarballs.
>
> What do I see as the best approach to this? Change Erik's signatures to be
> the standard port 22 and go with option 1. How much work do we expect to
> all do on behalf of the thousands of rules that come in to this project? I
> personally wouldn't have time to create a new variable and add it to the
> bleeding snort.conf file every time someone wants to create a
> $MY_ELITE_VAR_BECAUSE_I_RUN_FTP_ON_PORT_2121_TO_AVOID_HACKS
>
I see a third.  Don't use bleeding rules.  Nobody is forcing you to do so, 
and when you do, you do so at your own risk.  Just as you do when you write 
your own (which is what I do).

To paraphrase Eric Fichtner, "Grow up!"

But this horse was dead two days ago.

Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/



