[Snort-users] Snort Users Yahoo Group
jeff at ...950...
Sun Jun 22 13:09:02 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
ISS's work was based on a paper written by Dave Meltzer. Meltzer, being
the individual who discovered the Linux binaries in the wild has already
said the binaries he found do not match the behavior of the traffic he's
In other words, they're A source, not THE source.
- --On Saturday, June 21, 2003 09:33:15 -0700 "Roy S. Rapoport"
<snort-users at ...9230...> wrote:
> On Fri, Jun 20, 2003 at 08:52:50PM -0700, Jeff Nathan wrote:
>> the list is slow. Primary reasons? The components most users want to
>> get running are poorly documented and instead asking the authors of
>> these systems for more complete documentation, sending a message to the
>> support list for said component (Snortcenter, etc) or searching the
>> mailing list archives of this list, people post directly to
>> snort-users. Sourceforge is also a bit slow but for a free service
>> it's rather remarkable.
>> In any case, the bulk of the traffic on this list is newbie traffic
>> asking how to get ACID and/or snortcenter running. There are only a
>> few reasonable solutions to the problem. Ask the developers of these
> Jeff is right about all these points.
> My perception is that traffic about in-depth management of Snort
> comprises of only about ~5-10% of overall traffic. I don't think it's
> fair to say everything else is "How do I get ACID/SnortCenter working?"
> -- I think a fair amount of it is "How do I get Snort logging to MySQL?"
> -- but the problem is still that really, snort-users should be a rather
> low-volume list, and we need snort-newusers (or snort-setup) and then --
> *MAYBE* -- snort-3rdparty-setup (though for God's sake, with a better
> name than that).
> However, if we do go ahead and do this, I'd argue there's a need to have
> all three lists reside in the same place and advertised through
> snort.org. I think the vast majority of people who land on this mailing
> list find it because they've downloaded snort from Snort.org and seen
> Snort's link to this mailing list. It's foolish to wait until someone
> posts to say "hey, you should go to this other mailing list."
> As for the 3rd-party tools, I have to admit I didn't even notice ACID
> had its own user mailing list hosted on sourceforge. Of course, of the
> 13 messages posted in June, it appears approximately 11 are spam, so
> it's obviously not being vigorously managed. I do think we should start
> responding to ACID questions with "That's not appropriate for this
> mailing list," though I'm not sure we have enough cantankerous assholes
> to maintain that as a consistent tone. I do very strongly support the
> idea of a mailing list for each widely-adopted tool. I'm not sure
> what's going to happen in the case of SnortCenter. I'm guessing Lars
> doesn't have a whole bunch of energy/desire to deal with the support
> side of it (and in the case of SC, I think there's a danger anyway
> because it is so dependent on the efforts of one person).
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
http://cerberus.sourcefire.com/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)
-----END PGP SIGNATURE-----
More information about the Snort-users