[Snort-sigs] flowbits: netsenum

waldo kitty wkitty42 at ...3507...
Fri May 31 11:22:37 EDT 2013

On 5/31/2013 11:02, Joel Esler wrote:
> On May 30, 2013, at 8:18 PM, waldo kitty <wkitty42 at ...3507...
> <mailto:wkitty42 at ...3507...>> wrote:
>>> The vast majority of SO rules you can download the source for (it's included in
>>> the tarball) and compile on your own machine.
>> thanks for the clarification! things didn't used to be this way but now that
>> things have changed, it may be easier for us to provide the SO rules for our
>> limited and closed environment... it is something that i will endeavor to dig
>> into more and see what is what :)
> We started putting all rules out as "open" two years ago.

ahhh... shows how long ago it was that i stopped fighting that particular battle ;)

oh... uhhh... to implement SO rules, that means that one has to have compiling 
capability installed on the system, right? in a secure firewall environment, 
that's not going to fly at all... it gives much too much capabilities if someone 
does happen to get into the machine... weekly updates of the rules are currently 
implemented for those that choose to use that capability... others much update 
their rules manually... hummm... how to provide for SO rules usage in such an 

FWIW: i don't recall seeing an announcement concerning the above SO rules being 
"open" in any of the snort-* lists but i might easily have missed it... i rarely 
visit "blogs" and i don't "do" RSS feeds... generally speaking, if i can't get 
it in email, i don't get it at all... not being ugly there... just honest... i 
spend close to 85% of my time in email (like this) unless i'm coding which then 
takes %1000 of my time ;) the other %15 of my time when i'm not coding may be 
spent visiting a few special interest web sites, testing software or maintaining 
the systems under my control...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

More information about the Snort-sigs mailing list