[Snort-users] Which rules to use for snort ?

matt mkettler at ...4108...
Mon Jun 3 13:01:01 EDT 2002

If you go to the whitehats site you will notice that while it is up and 
running, it has not changed in content since November of 2001. Until they 
start updating and running normally again I would suggest that you consider 
the vision rulesets to be OBSOLETE and present available as an archive for 
reference purposes only. ie: their vulnerability database may not be up to 
date, but their vulnerability descriptions are still an excellent resource 
to refer to.

(note: it may be a while before they start running normally with regular 
updates again. I don't know the details, but based on what little I know I 
would be a surprised to see it up and running normally again this year. Not 
to say it can't happen, and I really hope that they get going soon as it's 
a great site, but based on my somewhat uninformed opinions of the situation 
I would be surprised.)

At 03:20 PM 6/2/2002 -0400, Ronald Nutter wrote:
>I have recently started using Snort and am now a little confused.  I know
>about the rules for Snort that are on the Snort web site.  I have also come
>across rules for Snort on Whitehats.com. Which should I use ?  Is it
>possible to use both ?
>Don't miss the 2002 Sprint PCS Application Developer's Conference
>August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list