[Snort-users] Snort 2.8.4 Now Available

Nigel Houghton nhoughton at ...1935...
Wed Apr 8 13:26:01 EDT 2009


On Wed, Apr 8, 2009 at 12:51 PM, John Duksta <jduksta at ...11827...> wrote:
>
> Joel (or someone else at SF):
>
> Can we get some guidance as to whether the snapshot_2.8_s rules going forward
> are going to utilize the dcerpc2 enhancements (i.e. lose the 5K netbios
> rules that just went away with SF SEU 216), and if so, will the new dcerpc2
> ruleset break earlier 2.8 releases?
>
> Based on the rule maintenance language[1], it sounds like it might do so, but
> I suppose it really depends on the content of the rules.
>
> Thanks,
> -j
>
> [1] <quote>Snort rule packages for Subscribers and Registered users track
> the latest feature set for any Major.X release. This means that rule
> packages can contain features that only exist in the latest version of snort
> for a given Major.X release. A simple example is:
>
> If 2.6.1.5 is the current version of snort then the snortrules-snapshot-2.6
> packages might utilize features not supported in 2.6.1.4 and earlier.
>
> Additionally the word CURRENT does not mean "current" as in the English
> dictionary meaning. It means CURRENT in the BSD source code repository
> meaning. CURRENT tracks SNORT CVS CURRENT, i.e. the unstable, possibly
> broken version of snort. If you download CURRENT and are not running this
> version of snort, your snort install will break</quote>

All your questions will be answered shortly. Stay tuned.

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/



