[Snort-users] Snort rules touble.
andreaso at ...236...
Fri Jun 21 13:51:02 EDT 2002
On Fri, 21 Jun 2002, Erek Adams wrote:
> Many times when folks update new rules, they don't really read or understand
> the rules, they just say "Hey, look--It's commented out. I'll add it back in
> so that I'm running _all_ the rules--That way I'll be even _more_ protected!"
> That's not a Good Idea(tm). :) As our Rule Nazi (Cazz) has said "Things are
> commented out for a reason. Don't uncomment them unless you understand why
> they were commented out in the first place."
> There is a script that will update your rules that someone on the list has
> written. It works very well, except for one tiny quirk--By default, it
> uncomments any commented out rules. The author has already said that should
> be an option and not a default, so use caution when/if using scripts to update
> your rules. Heh... One more reason to do it yourself.... ;-)
Uhm... I'm... uhm... kind of guilty.
But I FINALLY fixed this a while ago:
(Perhaps this version should be released right away to avoid further
More information about the Snort-users