[Snort-users] Snort 2.8.4 Now Available
sethsec at ...11827...
Wed Apr 8 16:41:06 EDT 2009
On Wed, Apr 8, 2009 at 5:38 PM, Matt Watchinski
<mwatchinski at ...1935...> wrote:
> Given all that, here is exactly what is going to happen hopefully today.
> 1. A new set of rule packages will be released. If you are a
> subscriber and can get rules immediately the following will happen.
> The 2.7 rule packages will contain all the OLD NETBIOS rules
> The 2.8 rule packages will contain all the NEW NETBIOS rules
> The CURRENT rule packages will contain all the NEW NETBIOS rules
So to be clear, the snortrules-snapshot-2.8_s.tar.gz on snort.org now
(md5sum: 6abf9bf635870cd68335c5d2a599a01e) does NOT have the the new
netbios rules YET... right?
wc -l netbios.rules
1) How will we know when this new pack IS released?
2) Will the NEW netbios rules use the same name -- netbios.rules? Or
will I have to modify my snort.conf include statements
3) Is the new dcerpc2 preproc backwards compatible? Can it read the
old netbios rules? I guess if the answer to this question is yes, I
have the answer to my next question.
4) If the 2.8_s with the NEW rules have not been released, and if the
new preproc can not read the old netbios rules, doesn't that mean I
can not push out the new binary and changes to snort.conf (enable
dcerpc2 preproc) to my sensors yet?
More information about the Snort-users