[Snort-sigs] [Emerging-Sigs] [Snort-devel] Snort 220.127.116.11 Now Available
jesler at ...435...
Wed Nov 3 21:48:40 EDT 2010
What versioning in Snort rules do you all find to be acceptable?
Take into account that there is no way we can maintain every version of every build and I am committing to nothing, I would just like to hear some constructive ideas.
Sent from my iPhone
On Nov 3, 2010, at 9:16 PM, "evilghost at ...3397..." <evilghost at ...3397...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> several of my projects are current stuck at 18.104.22.168 with NO WAY to move forward
>> due to the forced updates in certain sources that snort has gone... it bites
>> huge uglies and many of my clients are extremely upset... you don't hear it but
>> i sure do :( :( :(
> I made the 22.214.171.124 jump, abandoning Paul Woods mmap libpcap 0.9.8 and using DAQ
> compiled with only AFPACKET (these are 32bitCentOS 5 boxes, I did not want to do
> the libpcap 1.0.0 song and dance). Check the Snort mailing list, evidently
> CentOS x64 has some issues with AFPACKET.
> I also disabled SO rules. AFPACKET alone seems to be doing well and all in all
> it wasn't too difficult. There is a noticible decrease in CPU utilization,
> perhaps 30% or more. It's difficult to attribute this to a specific action
> since so many variables changed (introduction of 126.96.36.199, AFPACKET, DAQ, and
> disabling SO rules).
> I do get tired of constantly feeling like I'm hurried into an update and the
> lack of fixing the http reassembly issue regarding http_inspect on 188.8.131.52 hurt
> me. I'm constantly in a state of instability and flux because of aggressive
> (and really asinine) support schedules. I'm now using DAQ with AFPACKET;
> something I'm not used to, and change takes a while to validate it's successful.
> I figured I'd offer this up to the group in the event you weren't aware you
> could compile DAQ with AFPACKET only. Oddly enough Snort 184.108.40.206 had no issues
> compiling against libpcap-0.9.8 -- only DAQ complained.
> - -evilghost
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
More information about the Snort-sigs