[Snort-users] Logically truncated snortrules-snapshot tarball [was: Re: Snort Rule Downloading]

Brian bmc at ...950...
Tue May 4 11:21:05 EDT 2004


On Mon, May 03, 2004 at 01:18:37PM -0400, Kristofer T. Karas wrote:
> Unfortunately the glowing news is premature.  Yes, a new 
> snortrules-snapshot-2_1.tar.gz was released for everybody using a 
> production 2.1.x snort; and it does contain some updates and a 
> sid-msg.map with 2378 unique SIDs.  However, the *.rules files in the 
> tarball only contain 2334 unique rules.  In particular, all the new 
> rules that detect Sasser (e.g. 2514) are missing!
> 
> Whoever it is who maintains the downloadable rules should take a look 
> pronto.  Those of us *not* using the CVS version of snort are out in the 
> cold.

Yes, as I said on snort-sigs, 2.1.0 does NOT support features required
for the rules that detect Sasser.  As such, the 2.1 rule snapshots do
NOT include rules for Sasser.

If you have 2.1.2 or 2.1.3RC1, you should be OK using CURRENT for now.
This whole mess is caused because our version numbering is all wacky.

One of these days we will get it right.

Brian
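
The consistency check described in the quoted message (SIDs listed in sid-msg.map versus rules actually present in the *.rules files), as an added example that is not part of the thread or of Snort's own tooling. The snapshot contents are constructed samples; only SID 2514 comes from the thread, and the `sid || msg || refs` map layout is assumed.

```python
import re
import tempfile
from pathlib import Path

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def map_sids(map_path):
    """SIDs listed in sid-msg.map (assumed layout: 'sid || msg || ref ...')."""
    sids = set()
    for line in Path(map_path).read_text(errors="replace").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split("||", 1)[0].strip()
        if first.isdigit():
            sids.add(int(first))
    return sids

def rule_sids(rules_dir):
    """Return (active, disabled-only) SID sets from every *.rules file."""
    active, disabled = set(), set()
    for path in sorted(Path(rules_dir).glob("*.rules")):
        for line in path.read_text(errors="replace").splitlines():
            m = SID_RE.search(line)
            if not m:
                continue
            # A rule commented out with '#' is shipped but never loaded.
            target = disabled if line.lstrip().startswith("#") else active
            target.add(int(m.group(1)))
    return active, disabled - active

def missing_rules(map_path, rules_dir):
    """SIDs the map advertises but no active rule implements."""
    active, _ = rule_sids(rules_dir)
    return sorted(map_sids(map_path) - active)

def demo():
    # Constructed snapshot: messages and SIDs other than 2514 are made up.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sid-msg.map").write_text(
            "# constructed sample\n"
            "1000001 || EXAMPLE rule one\n"
            "1000002 || EXAMPLE rule two || url,example.invalid\n"
            "2514 || EXAMPLE placeholder message\n")
        (root / "example.rules").write_text(
            'alert tcp any any -> any 80 (msg:"EXAMPLE rule one"; sid:1000001; rev:1;)\n'
            '# alert tcp any any -> any 80 (msg:"EXAMPLE rule two"; sid:1000002; rev:1;)\n')
        return missing_rules(root / "sid-msg.map", root)
```

Running `missing_rules()` against an unpacked snapshot directory lists every SID that the map names but the ruleset cannot fire on, whether the rule is absent or only commented out.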



