[Snort-sigs] Recent Rule Changes

John York YorkJ at ...855...
Thu Jul 1 10:08:01 EDT 2010


Joel allegedly said:
>Date: Wed, 30 Jun 2010 18:43:50 -0400
>From: Joel Esler <jesler at ...435...>
>Subject: [Snort-sigs] Recent Rule Changes

<snip>

>For the Subscriber and Registered releases of Snort 2.8.6.0 and Snort 2.8.5.3, the download links >would look as
>follows:

>Subscriber Release
>http://www.snort.org/sub-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
>http://www.snort.org/sub-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

>Registered User Release
>http://www.snort.org/reg-rules/snortrules-snapshot-2860.tar.gz/OINKCODE
>http://www.snort.org/reg-rules/snortrules-snapshot-2853.tar.gz/OINKCODE

>You will notice in the above urls the difference in between the two "sub-rules" vs. "reg-rules".  >You will also notice something else, we no longer have "_s" in the URL anymore.  Many people were >getting confused in the difference, and we wanted to clear that up by changing the URL easier to >recognize.

<snip>

I've been troubleshooting other problems I'm having downloading rules with pulledpork.  Either I'm misunderstanding the thread that tells what the new url's are, I'm misreading the pulledpork 0.4.2 perl code, or pulledpork has a bug.  It looks to me that it always downloads reg-rules, and doesn't have any way in the config file to specify reg-rules or sub-rules...

Thanks
John




More information about the Snort-sigs mailing list