[Snort-users] Snort Users Yahoo Group

Jeff Nathan jeff at ...950...
Sun Jun 22 13:09:02 EDT 2003

Hash: SHA1

ISS's work was based on a paper written by Dave Meltzer.  Meltzer, being 
the individual who discovered the Linux binaries in the wild has already 
said the binaries he found do not match the behavior of the traffic he's 

In other words, they're A source, not THE source.

- -Jeff

- --On Saturday, June 21, 2003 09:33:15 -0700 "Roy S. Rapoport" 
<snort-users at ...9230...> wrote:

> On Fri, Jun 20, 2003 at 08:52:50PM -0700, Jeff Nathan wrote:
>> the list is slow.  Primary reasons?  The components most users want to
>> get  running are poorly documented and instead asking the authors of
>> these  systems for more complete documentation, sending a message to the
>> support  list for said component (Snortcenter, etc) or searching the
>> mailing list  archives of this list, people post directly to
>> snort-users.  Sourceforge is  also a bit slow but for a free service
>> it's rather remarkable.
>> In any case, the bulk of the traffic on this list is newbie traffic
>> asking  how to get ACID and/or snortcenter running.  There are only a
>> few  reasonable solutions to the problem.  Ask the developers of these
> Jeff is right about all these points.
> My perception is that traffic about in-depth management of Snort
> comprises of only about ~5-10% of overall traffic.  I don't think it's
> fair to say everything else is "How do I get ACID/SnortCenter working?"
> -- I think a fair amount of it is "How do I get Snort logging to MySQL?"
> -- but the problem is still that really, snort-users should be a rather
> low-volume list, and we need snort-newusers (or snort-setup) and then --
> *MAYBE* -- snort-3rdparty-setup (though for God's sake, with a better
> name than that).
> However, if we do go ahead and do this, I'd argue there's a need to have
> all three lists reside in the same place and advertised through
> snort.org.  I think the vast majority of people who land on this mailing
> list find it because they've downloaded snort from Snort.org and seen
> Snort's link to this mailing list.  It's foolish to wait until someone
> posts to say "hey, you should go to this other mailing list."
> As for the 3rd-party tools, I have to admit I didn't even notice ACID
> had its own user mailing list hosted on sourceforge.  Of course, of the
> 13 messages posted in June, it appears approximately 11 are spam, so
> it's obviously not being vigorously managed.  I do think we should start
> responding to ACID questions with "That's not appropriate for this
> mailing list," though I'm not sure we have enough cantankerous assholes
> to maintain that as a consistent tone.  I do very strongly support the
> idea of a mailing list for each widely-adopted tool.  I'm not sure
> what's going to happen in the case of SnortCenter.  I'm guessing Lars
> doesn't have a whole bunch of energy/desire to deal with the support
> side of it (and in the case of SC, I think there's a danger anyway
> because it is so dependent on the efforts of one person).
> -roy
> -------------------------------------------------------
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- - Albert Einstein
Version: GnuPG v1.0.7 (OpenBSD)


More information about the Snort-users mailing list