[Snort-users] current rules that work in snort 1.7
vision at ...4...
Fri Apr 27 23:00:49 EDT 2001
There have been quite a few cool new additions to Snort since the 1.7
release, and as many have found out the hard way, the available rulesets
have started to include functionality that is only available to Snort 1.8
beta users. Oops! Turns out that was a bad idea.
To address this problem, arachNIDS now exports a snort 1.7 and snort 1.8
compatible signature file. Since there are no signatures actually stored
in the database (all "signatures" are dynamically created in realtime from
other information in the database), this was really straightforward.
The new features that had creeped into the snort 1.8 ruleset are the
plugins "telnet_decode", "rpc_decode", "bo", "stream2" and the keywords
"classtype", "reference", and "uricontent". Appropriate equivalents are
used in the backwards-compatible ruleset so Snort 1.7 users can enjoy the
more recent rule additions.
The new rulesets are available at:
default is compatible with snort 1.7:
version for snort 1.7 (same as above):
version for snort 1.8+:
More information about the Snort-users