[Snort-users] rules update schedule (was: Re: so_rule problem)

waldo kitty wkitty42 at ...14940...
Fri Oct 1 13:35:59 EDT 2010


On 10/1/2010 13:14, Nigel Houghton wrote:
> On Fri, 01 Oct 2010 12:37:14 -0400, waldo kitty wrote:
>> i had similar discussion to this some time back in another venue and
>> at that time the question was does VRT update the "registered" rules
>> snapshot every day so that there's a "rolling release" or do they
>> simply wait and do one release every 30 days... AIR, no one ever
>> answered that question or provided a pointer to where it might be
>> answered...
>
> Didn't see that question, but to answer it. The roll over is automatic.

yeah, i think it was before i joined the SF lists so you're off the hook :P

i guess what i'm really trying to dig out is the answers to the following 
questions...

1. are rules released daily or are they held and released in batches once a week 
or month?

2. can you list possible reasons why an initial update connection may be 403'd 
and the 15 minute delay initiated?

3. is it possible that even after waiting out the 15 minute delay that one might 
be 403'd again?

4. will we see the return of the reason for the 403 and the try again in X 
minutes in the 403 messages or will they remain plain jane 403's with no 
information that can be passed back to the user via message or logs?

the answers could greatly help with eliminating unnecessary updating schedules 
and traffic...

thanks for your time and attention in this! ;)




More information about the Snort-users mailing list