Re: [Emerging-Sigs] [Snort-devel] Snort 184.108.40.206 Now Available
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 3 Nov 2010 21:48:40 -0400
What versioning in Snort rules do you all find to be acceptable?
Take into account that there is no way we can maintain every version of every build and I am committing to nothing; I
would just like to hear some constructive ideas.
Sent from my iPhone
On Nov 3, 2010, at 9:16 PM, "evilghost () packetmail net" <evilghost () packetmail net> wrote:
several of my projects are currently stuck at 220.127.116.11 with NO WAY to move forward
due to the forced updates in certain sources that snort has gone... it bites
huge uglies and many of my clients are extremely upset... you don't hear it but
i sure do :( :( :(
I made the 18.104.22.168 jump, abandoning Paul Woods mmap libpcap 0.9.8 and using DAQ
compiled with only AFPACKET (these are 32-bit CentOS 5 boxes, I did not want to do
the libpcap 1.0.0 song and dance). Check the Snort mailing list, evidently
CentOS x64 has some issues with AFPACKET.
I also disabled SO rules. AFPACKET alone seems to be doing well and all in all
it wasn't too difficult. There is a noticeable decrease in CPU utilization,
perhaps 30% or more. It's difficult to attribute this to a specific action
since so many variables changed (introduction of 22.214.171.124, AFPACKET, DAQ, and
disabling SO rules).
I do get tired of constantly feeling like I'm hurried into an update and the
lack of fixing the http reassembly issue regarding http_inspect on 126.96.36.199 hurt
me. I'm constantly in a state of instability and flux because of aggressive
(and really asinine) support schedules. I'm now using DAQ with AFPACKET;
something I'm not used to, and change takes a while to validate it's successful.
I figured I'd offer this up to the group in the event you weren't aware you
could compile DAQ with AFPACKET only. Oddly enough Snort 188.8.131.52 had no issues
compiling against libpcap-0.9.8 -- only DAQ complained.