[Snort-sigs] threshold --> detection_filter

evilghost at ...3397... evilghost at ...3397...
Fri Sep 18 13:53:22 EDT 2009


Jason, in addition to this there is a VRT announcement indicating 
support for shared object precompiled rules in the Sept 17 VRT release 
for Snort 2.8.5. I cannot find this in either VRT subscription-release 
tar-gzip, only 2.8.4 and 2.8.4.1. Can VRT please comment on this, as this 
halts going forward with 2.8.5? I only see precompiled shared object 
rules for the 2.8.4 and 2.8.4.1 releases.

http://www.snort.org/vrt/advisories/2009/09/17/vrt-rules-2009-09-17.html

-evilghost

Jason Wallace wrote:
> OK, I guess I'll be the first one to ask...
>
> After my new install of snort-2.8.5 failed to start with...
>
> Warning: /etc/snort/rules/vrt/dns.rules(59) => threshold (in rule) is
> deprecated; use detection_filter instead.
>
> And then reading...
>
> README.filters
>
> It looks to me like I need to replace...
>
> "threshold:type limit,"
> "threshold: type threshold,"
> "threshold: type both,"
>
> with... "detection_filter:" in all the rules that use a threshold.
>
> Q1)
> Is that an accurate statement of what I need to do with these rules?
>
> Q2)
> When will snortrules-snapshot-CURRENT.tar.gz for registered users be
> updated with these changes?
>
> Q3)
> Shouldn't that have been done prior to/at the time of the release of 2.8.5?
>
> thx,
> Wally
>
>   
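
An added example, not part of either post and not Snort or VRT code: a small inventory script that lists every enabled rule still carrying an in-rule `threshold` option (the construct the quoted 2.8.5 warning points at), with its type, track, count and seconds, so each one can be reviewed against README.filters before upgrading. The sample rules, sids and the `local.rules` file name are constructed, and one rule per line is assumed (no backslash continuations).

```python
import re

# Constructed sample rules (not from the VRT rule set); sids are made up.
SAMPLE_RULES = """\
alert udp any any -> any 53 (msg:"constructed A"; threshold:type limit, track by_src, count 1, seconds 60; sid:1000001; rev:1;)
alert tcp any any -> any 22 (msg:"constructed B"; threshold: type both , track by_dst, count 5, seconds 30; sid:1000002;)
# alert tcp any any -> any 80 (msg:"disabled"; threshold: type threshold, track by_src, count 10, seconds 5; sid:1000003;)
alert tcp any any -> any 25 (msg:"constructed C"; detection_filter: track by_src, count 30, seconds 60; sid:1000004;)
alert tcp any any -> any 80 (msg:"threshold: type limit in msg text only"; sid:1000005;)
"""

# Quoted strings are blanked first so option names inside msg/content never match.
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
# Match the option name only at an option boundary: right after "(" or ";".
THRESHOLD_OPT = re.compile(r'[(;]\s*threshold\s*:\s*([^;]*);')
SID_OPT = re.compile(r'[(;]\s*sid\s*:\s*(\d+)\s*;')


def find_inrule_thresholds(text, filename="<rules>"):
    """Return one dict per enabled rule that uses an in-rule threshold option."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line or commented-out rule: never loaded
        rule = QUOTED.sub('""', rule)
        match = THRESHOLD_OPT.search(rule)
        if not match:
            continue
        args = {}
        for part in match.group(1).split(","):
            # Handles both "threshold:type limit," and "threshold: type both ,"
            key, _, value = part.strip().partition(" ")
            if key:
                args[key] = value.strip()
        sid = SID_OPT.search(rule)
        findings.append({
            "where": "%s(%d)" % (filename, lineno),  # same file(line) form as the warning
            "sid": int(sid.group(1)) if sid else None,
            **args,
        })
    return findings


if __name__ == "__main__":
    for finding in find_inrule_thresholds(SAMPLE_RULES, "local.rules"):
        print(finding)
```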



