[Snort-users] Snort 2.8.4 Now Available

John Duksta jduksta at ...11827...
Wed Apr 8 12:51:44 EDT 2009


Joel (or someone else at SF):

Can we some guidance as to whether the snapshot_2.8_s rules going forward
are going to utilize the dcerpc2 enhancements (i.e. lose the 5K netbios
rules that just went away with SF SEU 216), and if so, will the new dcerpc2
ruleset break earlier 2.8 releases?

Based on the rule maintenance language[1], it sound like it might do so, but
I suppose it really depends on the content of the rules.

Thanks,
-j

[1] <quote>Snort rule packages for Subscribers and Registered users track
the latest feature set for any Major.X release. This means that rule
packages can contain features that only exist in the latest version of snort
for a given Major.X release. A simple example is:

If 2.6.1.5 is the current version of snort then the snortrules-snapshot-2.6
packages might utilize features not supported in 2.6.1.4 and earlier.

Additionally the word CURRENT does not mean "current" as in the English
dictionary meaning. It mean CURRENT in the BSD source code repository
meaning. CURRENT tracks SNORT CVS CURRENT, i.e. the the unstable, possibly
broken version of snort. If you download CURRENT and are not running this
version of snort, your snort install will break</quote>

-- 
John Duksta <jduksta at ...11827...>
Can't sleep, clowns will eat me.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090408/77420292/attachment.html>


More information about the Snort-users mailing list