[Snort-sigs] recent vrt updates disable many rules (web-iis, web-cgi, web-misc etc)

Alex Kirk akirk at ...435...
Sun Apr 25 22:47:36 EDT 2010


The VRT has been conducting reviews of the default policies of late - both
those included in the metadata fields and the implied policies of commented
out vs. not commented out. There are a number of rules that, in their time,
were very useful, but are no longer, due to their age - many of these rules,
for example, were for vulnerabilities 5 or more years old. Given that
running a tighter, more focused ruleset is likely to produce more useful
alerts, and given that a number of users simply accept the VRT defaults
without much further thought, we decided it was best to turn off some of our
older rules, where the probability of a successful attack has become
exceedingly low.

Anyone who wants these rules, of course, is free to turn them right back on.
That's the beauty of running your own IDS - you need not accept the VRT's
judgments as your own if you don't want to.

On Sun, Apr 25, 2010 at 3:53 AM, monitz <mmonitz at ...2420...> wrote:

> Hello,
> I have noticed that the recent VRT update (08 April, I think) comments out
> many sigs.
> I cannot find an announcement or explanation for this.
>
> Does anyone have any idea why this happens?


-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...435...
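
An added example, not part of the original message and not VRT or Snort project code: a Python script that compares a rules file from before and after an update, lists the SIDs the update commented out, and turns selected ones back on. The rule text and SIDs are constructed for illustration, and the function names are hypothetical.

```python
import re

# Matches an active or commented-out Snort rule line and captures its SID.
RULE_RE = re.compile(
    r'^\s*(?P<off>#\s*)?(?P<rule>(?:alert|log|pass|drop|reject|sdrop)\s.*'
    r'\bsid\s*:\s*(?P<sid>\d+)\s*;.*)$'
)

def rule_states(text):
    """Map SID -> True (enabled) or False (commented out)."""
    states = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            states[int(m.group('sid'))] = m.group('off') is None
    return states

def newly_disabled(old_text, new_text):
    """SIDs enabled in the old file but commented out in the new one."""
    old, new = rule_states(old_text), rule_states(new_text)
    return sorted(s for s, on in old.items() if on and new.get(s) is False)

def reenable(text, sids):
    """Uncomment only the rules whose SID is in `sids`; keep other lines as-is."""
    out = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m and m.group('off') and int(m.group('sid')) in sids:
            line = m.group('rule')
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample rules (SIDs in the local >= 1000000 range, not VRT rules).
OLD = '''\
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE old cgi probe"; content:"/example.cgi"; sid:1000001; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE current rule"; content:"/app"; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE already off"; content:"/x"; sid:1000003; rev:2;)
'''
NEW = '''\
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE old cgi probe"; content:"/example.cgi"; sid:1000001; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE current rule"; content:"/app"; sid:1000002; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"EXAMPLE already off"; content:"/x"; sid:1000003; rev:2;)
'''

if __name__ == "__main__":
    changed = newly_disabled(OLD, NEW)
    print("disabled by update:", changed)
    print(reenable(NEW, set(changed)), end="")
```

Rules that were already commented out before the update (SID 1000003 in the sample) are left alone, so only the update's own policy change is reverted.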