Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 21:48:40 -0400

What versioning in Snort rules do you all find to be acceptable?

Take into account that there is no way we can maintain every version of every build and I am committing to nothing, I 
would just like to hear some constructive ideas. 


Sent from my iPhone

On Nov 3, 2010, at 9:16 PM, "evilghost () packetmail net" <evilghost () packetmail net> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

several of my projects are current stuck at 2.8.6.1 with NO WAY to move forward 
due to the forced updates in certain sources that snort has gone... it bites 
huge uglies and many of my clients are extremely upset... you don't hear it but 
i sure do :( :( :(

I made the 2.9.0.1 jump, abandoning Paul Woods mmap libpcap 0.9.8 and using DAQ
compiled with only AFPACKET (these are 32bitCentOS 5 boxes, I did not want to do
the libpcap 1.0.0 song and dance).  Check the Snort mailing list, evidently
CentOS x64 has some issues with AFPACKET.

I also disabled SO rules.  AFPACKET alone seems to be doing well and all in all
it wasn't too difficult.  There is a noticible decrease in CPU utilization,
perhaps 30% or more.  It's difficult to attribute this to a specific action
since so many variables changed (introduction of 2.9.0.1, AFPACKET, DAQ, and
disabling SO rules).

I do get tired of constantly feeling like I'm hurried into an update and the
lack of fixing the http reassembly issue regarding http_inspect on 2.8.6.1 hurt
me.  I'm constantly in a state of instability and flux because of aggressive
(and really asinine) support schedules.  I'm now using DAQ with AFPACKET;
something I'm not used to, and change takes a while to validate it's successful.

I figured I'd offer this up to the group in the event you weren't aware you
could compile DAQ with AFPACKET only.  Oddly enough Snort 2.9.0.1 had no issues
compiling against libpcap-0.9.8 -- only DAQ complained.

- -evilghost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJM0gmAAAoJENgimYXu6xOH/OUP/0Uhy73zPAfXjaPN95WlZV3U
QN4XHg+xwndw5Ee7jEXoUijwCwQlPDkg9w2V9L59od5lDxtJL1tnMyEc7cf9n2vF
GZDBB5ZLNmLX2RMhl4QQN8vJGVKKRz4m5IDGsVWx08VMOvkeJe8C9IDmu6l0J2qg
Z9N4FHLGWthme8XSbg2Mz+fZcCk5pxwSN5+BJv3958r9EaSC6k1uz5XF/B2DXWgC
SqzOsuXAz9XEq9SGShgbjQ2/11P0JwOonc956kioOigUkiTsEs8cmxW1AKslmvbt
KaFCvPwxnbo7JYQT/canfQgCvMOhgp5i9QW6TiXtoc6mm9dlVVCaeu7ro/m1CFpb
Pq3lx4f8I43lmsrdUOGXuxqoMom+6tteV1fX1E9dqEukDep8yOvzXd+3lQvk+LLH
lfUNDbR1i72jETA6USEOShVsi5KNJqGN2XhwV9+RH6Iti0Sw5FIsnvec0i5zYuzW
FZ/BvJQeVDJdNyptQNbI3qWlAu2hUqyAOyIiTeixV2/9YVrNqDXAcBHzrZyGZYAm
B5lL2lNUirb6btDvnaU2PaJqwByAcVyodeBsfOO1GeNh7+T+RfMCkVTy/AQbXPD0
A6nqQS5fxo4Vw+wP6Xpkbly+RDeASrlZoljPqkaMofG43ECbqCD4I6VJPbrDs+3s
KJ2opZ3O7niKxOynVZac
=/fS9
-----END PGP SIGNATURE-----


_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html

------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault