[Snort-users] Re: Status of Snort and the Rules - Stalled???

Francesco friscom at ...1877...
Thu Jul 24 22:36:08 EDT 2003


Recently.
ISS sent out this message to some of their customers and partners

(..)
I did some recent checking into our Network IDS competition and how they
went about protecting their customers from the new Microsoft vulnerability
(http://xforce.iss.net/xforce/alerts/id/147).  X-Force shipped XPUs for this
vulnerability and the big Cisco DoS already (7/18 and 7/19).  Here is how
everyone else stacks up:

  Symantec Manhunt 		No protection
  Cisco IDS  			No protection
  Netscreen  			No protection
  Intruvert/NAI  		No protection
  Snort  			No protection

(..)
The promotional purpose is clear but the content is not far from what 
everyone here would like to say first.

Now, the question everyone can ask is: what is the status with such 
rule/exploit?
Some of us are better than others to release  and support new rules. I had 
a look at the RPC rules, its status is : v. 1.46, released June 2003.

I'd like to contribute in an active manner, but maybe my resources are 
scarce on this side.
Nonetheless, some sort of priority could really be necessary in cases like 
this.

Comments?
Francesco






More information about the Snort-users mailing list