[Snort-users] Snort Rules Version Confusion

Paul Schmehl pauls at ...6838...
Thu Apr 14 08:48:02 EDT 2005


--On Thursday, April 14, 2005 04:19:06 PM +0900 Mark Sargent 
<powderkeg at ...11462...> wrote:

> Hi All,
>
> here, http://www.snort.org/dl/ I see the latest version as
> snort-2.3.2.tar.gz <http://www.snort.org/dl/current/snort-2.3.2.tar.gz>
> which I have installed, but, here,
> http://www.snort.org/pub-bin/downloads.cgi it has,
> Snort 2.4 or higher is required to run CURRENT. Is it me, or is that
> rather confusing..? Cheers.
>
It's only confusing to someone who is unfamiliar with software development 
cycles and terminology.

CURRENT usually means *the most current version*.  You might think of it as 
beta or even alpha.  It's bleeding-edge development stuff.

*Most* people will want to use STABLE, which is usually defined by the 
version of snort you're using - in your case 2.3.2.tar.gz.  If you look in 
pub-bin/downloads.cgi, you'll notice that there are several versions of the 
rules, including one version that ends in 2.3.2.tar.gz.  That is the 
version you should use.

You only use CURRENT rules if you are using the *very latest* version of 
snort from CVS, not a RELEASE (or STABLE) version.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list