[Snort-sigs] old rules with newer snort

Joel Esler joel.esler at ...435...
Wed Mar 5 17:33:10 EST 2008


Therefore, please update your version of rules + Snort.  It's always  
best to stay current.

You keep your OS up to date, why not keep the IDS that defends those  
assets up to date as well?

J

On Mar 5, 2008, at 5:27 PM, Jason wrote:

> the only safe assumption is that it will not work as expected. It
> _should_ generally work but is not guaranteed to do so. Parsing bugs  
> get
> fixed, capabilities get refined, etc...
>
> Old rules releases are not regressed against newer engines, the  
> ultimate
> result is therefore undefined.
>
> Joel Esler wrote:
>> Yes, You can use older rules with a newer Snort, but not newer rules
>> with an older Snort.
>>
>> Why would you want to use older rules?  Can't you use the current  
>> ones?
>>
>> Joel
>>
>> On Mar 5, 2008, at 11:11 AM, Sven Wurth wrote:
>>
>>> Hi Snort-sigs
>>> Does anybody know if it’s possible to use old snort rules with a  
>>> newer
>>> snort?
>>> Example: vrt-rules in Version 2.6 and a snort 2.8
>>>
>>> Thanks
>>> Kind regards
>>> Sven
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Microsoft
>>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
>>>
>>> Snort-sigs mailing list
>>> Snort-sigs at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>>
>> -- 
>> Joel Esler  joel.esler at ...435...
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs


--
Joel Esler  joel.esler at ...435...








More information about the Snort-sigs mailing list