[Snort-users] Snort 2.8.4 Now Available

Seth Art sethsec at ...11827...
Wed Apr 8 16:41:06 EDT 2009


On Wed, Apr 8, 2009 at 5:38 PM, Matt Watchinski
<mwatchinski at ...1935...> wrote:

> Given all that, here is exactly what is going to happen hopefully today.
>
> 1. A new set of rule packages will be released.  If you are a
> subscriber and can get rules immediately the following will happen.
>
> The 2.7 rule packages will contain all the OLD NETBIOS rules
> The 2.8 rule packages will contain all the NEW NETBIOS rules
> The CURRENT rule packages will contain all the NEW NETBIOS rules

So to be clear, the snortrules-snapshot-2.8_s.tar.gz on snort.org now
(md5sum: 6abf9bf635870cd68335c5d2a599a01e) does NOT have the the new
netbios rules YET... right?

wc -l netbios.rules
5828 netbios.rules

1) How will we know when this new pack IS released?

2) Will the NEW netbios rules use the same name -- netbios.rules? Or
will I have to modify my snort.conf include statements
ie: remove
include $RULE_PATH/netbios.rules
and add
include $RULE_PATH/netbios-for-dce2.rules

3) Is the new dcerpc2 preproc backwards compatible?  Can it read the
old netbios rules? I guess if the answer to this question is yes, I
have the answer to my next question.

4) If the 2.8_s with the NEW rules have not been released, and if the
new preproc can not read the old netbios rules, doesn't that mean I
can not push out the new binary and changes to snort.conf (enable
dcerpc2 preproc) to my sensors yet?

Thanks,

Seth




More information about the Snort-users mailing list