[Snort-users] Detecting w3af scans

waldo kitty wkitty42 at ...14940...
Wed Sep 30 16:52:30 EDT 2015


On 09/30/2015 11:45 AM, Bruno PEPPER wrote:
> Hi,
>
> I am running snort (2.9.6.0 GRE (Build 47)) on ubuntu 14.04 in the IDS mode along with ET rules for 2.9

snort 2.9.6.2 is the oldest snort supported these days... there's also 2.9.7.3, 
2.9.7.5 and the newly released 2.9.7.6 that are available...

if you're pulling from a repo, it might be best to see if there's an up-to-date 
PPA available... if not, the recommendation is basically to get the code and 
build your own from the sources... that way you can stay up to date and keep up 
with the snort release policy which moves a lot faster than that available in 
most *nix release update repos...

make sure you keep up with the https://www.snort.org/eol page to see which 
snorts are still supported and have rules being updated for them...

the eol page doesn't even show 2.9.7.6 on it, at the time of this message 
posting, and the rules for registered users for 2.9.7.6 are not yet available...

2.9.7.3 support goes away on 2015 Oct 20 according to the EOL page...

when a snort goes EOL, there's no more rules updates for them and the last set 
of rules is removed... i /think/ the last set may be available for 30 days if 
you are a registered user... i'm not sure about paying subscribers' access to 
old rules, though...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.



