[Snort-users] Detecting w3af scans
wkitty42 at ...14940...
Wed Sep 30 16:52:30 EDT 2015
On 09/30/2015 11:45 AM, Bruno PEPPER wrote:
> I am running snort (18.104.22.168 GRE (Build 47)) on ubuntu 14.04 in the IDS mode along with ET rules for 2.9
snort 22.214.171.124 is the oldest snort supported these days... there's also 126.96.36.199,
188.8.131.52 and the newly released 184.108.40.206 that are available...
if you're pulling from a repo, it might be best to see if there's an up-to-date
PPA available... if not, the recommendation is basically to get the code and
build your own from the sources... that way you can stay up to date and keep up
with the snort release policy which moves a lot faster than that available in
most *nix release update repos...
make sure you keep up with the https://www.snort.org/eol page to see which
snorts are still supported and have rules being updated for them...
the eol page doesn't even show 220.127.116.11 on it, at the time of this message
posting, and the rules for registered users for 18.104.22.168 are not yet available...
22.214.171.124 support goes away on 2015 Oct 20 according to the EOL page...
when a snort goes EOL, there's no more rules updates for them and the last set
of rules is removed... i /think/ the last set may be available for 30 days if
you are a registered user... i'm not sure about paying subscribers' access to
old rules, though...
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
More information about the Snort-users