[Snort-users] Snort 2.8.4 Now Available
mwatchinski at ...1935...
Wed Apr 8 17:29:18 EDT 2009
On Wed, Apr 8, 2009 at 4:41 PM, Seth Art <sethsec at ...11827...> wrote:
> On Wed, Apr 8, 2009 at 5:38 PM, Matt Watchinski
> <mwatchinski at ...1935...> wrote:
>> Given all that, here is exactly what is going to happen hopefully today.
>> 1. A new set of rule packages will be released. If you are a
>> subscriber and can get rules immediately the following will happen.
>> The 2.7 rule packages will contain all the OLD NETBIOS rules
>> The 2.8 rule packages will contain all the NEW NETBIOS rules
>> The CURRENT rule packages will contain all the NEW NETBIOS rules
> So to be clear, the snortrules-snapshot-2.8_s.tar.gz on snort.org now
> (md5sum: 6abf9bf635870cd68335c5d2a599a01e) does NOT have the new
> netbios rules YET... right?
> wc -l netbios.rules
> 5828 netbios.rules
Correct, not up yet.
> 1) How will we know when this new pack IS released?
Like you do any other time, the md5 will change and we post a
release message here.
> 2) Will the NEW netbios rules use the same name -- netbios.rules? Or
> will I have to modify my snort.conf include statements
> ie: remove
> include $RULE_PATH/netbios.rules
> and add
> include $RULE_PATH/netbios-for-dce2.rules
> 3) Is the new dcerpc2 preproc backwards compatible? Can it read the
> old netbios rules? I guess if the answer to this question is yes, I
> have the answer to my next question.
dcerpc2 is backwards compatible. The old rules will still work with it.
> 4) If the 2.8_s with the NEW rules have not been released, and if the
> new preproc can not read the old netbios rules, doesn't that mean I
> can not push out the new binary and changes to snort.conf (enable
> dcerpc2 preproc) to my sensors yet?
Nope, push away. The old rules work just fine with the new dcerpc preprocessor.
Sr. Director Vulnerability Research Team (VRT)
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/