[Snort-sigs] flowbits: netsenum
wkitty42 at ...3507...
Fri May 31 11:22:37 EDT 2013
On 5/31/2013 11:02, Joel Esler wrote:
> On May 30, 2013, at 8:18 PM, waldo kitty <wkitty42 at ...3507...
> <mailto:wkitty42 at ...3507...>> wrote:
>>> The vast majority of SO rules you can download the source for (it's included in
>>> the tarball) and compile on your own machine.
>> thanks for the clarification! things didn't used to be this way but now that
>> things have changed, it may be easier for us to provide the SO rules for our
>> limited and closed environment... it is something that i will endeavor to dig
>> into more and see what is what :)
> We started putting all rules out as "open" two years ago.
ahhh... shows how long ago it was that i stopped fighting that particular battle ;)
oh... uhhh... to implement SO rules, that means that one has to have compiling
capability installed on the system, right? in a secure firewall environment,
that's not going to fly at all... it gives much too much capabilities if someone
does happen to get into the machine... weekly updates of the rules are currently
implemented for those that choose to use that capability... others much update
their rules manually... hummm... how to provide for SO rules usage in such an
FWIW: i don't recall seeing an announcement concerning the above SO rules being
"open" in any of the snort-* lists but i might easily have missed it... i rarely
visit "blogs" and i don't "do" RSS feeds... generally speaking, if i can't get
it in email, i don't get it at all... not being ugly there... just honest... i
spend close to 85% of my time in email (like this) unless i'm coding which then
takes %1000 of my time ;) the other %15 of my time when i'm not coding may be
spent visiting a few special interest web sites, testing software or maintaining
the systems under my control...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-sigs