Snort mailing list archives
Re: [Emerging-Sigs] GPL rules - who maintains them?Nobody?
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 21 Mar 2011 12:10:17 -0400
That makes sense. That's basically Marty's #2 point. I'd say the porn.rules files can be re-sid'ed (referencing Jason's problem) as VRT has dropped those completely, as well as other improved rules can be re-sid.

J

On Mon, Mar 21, 2011 at 12:02 PM, Martin Holste <mcholste () gmail com> wrote:

> How about this: if a rule needs an update/change, then it gets created as a new rule and the old one is disabled from now on until the GPL set has been metamorphosized into either VRT/ET normal rule sets.
>
> On Mon, Mar 21, 2011 at 10:55 AM, Weir, Jason <jason.weir () nhrs org> wrote:
>
>> But in the case of this rule #1313 - VRT no longer distributes it.. They retired it - but ET still has at least 6 versions of it.
>>
>> Say I'm a VRT subscriber, so I get their GPL rules - I also wanna run the ET rules so I get their Open-NoGPL rules.. I don't get #1313 - what else don't I get?
>>
>> See the problem here - ET is already maintaining those rules and by porting them to Suricata they have already forked them.. You can't push a Suricata only modification back up the chain to VRT. The rule sets need to stand on their own... And that means different sid ranges across the board...
>>
>> -J
>>
>> -----Original Message-----
>> From: emerging-sigs-bounces () emergingthreats net [mailto:emerging-sigs-bounces () emergingthreats net] On Behalf Of evilghost () packetmail net
>> Sent: Monday, March 21, 2011 11:43 AM
>> To: Martin Roesch
>> Cc: emerging-sigs () emergingthreats net; snort-users () lists sourceforge net; Matthew Jonkman
>> Subject: Re: [Emerging-Sigs] [Snort-users] GPL rules - who maintains them?Nobody?
>>
>> On 03/21/11 10:26, Martin Roesch wrote:
>>> Am I missing a case here?
>>
>> Yeah, this is an obtuse approach. There are two ET rule packs, Open and Open-NoGPL. They are just that, users of VRT who get the GPL rules would use Open-NoGPL. ET-only folks would use Open, which would include the GPL rules.
>>
>> I don't understand the point behind re-SID and duplication, patching, etc. If the changes made to a "ET" GPL rule make sense, why wouldn't VRT want to consider it for inclusion/update? Vice versa. There's no point to fork when adjustments are made to enhance detection, improve performance, or reduce false positives. Why wouldn't VRT want an improved rule?
>>
>> Do you really suggest we ask dual-subscribers (VRT, and ET) to run two sets of the same rule, one stagnated and legacy, the other an updated re-SID of the same rule?
>>
>> - -evilghost
-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
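The coverage question raised in the quoted messages (a VRT GPL plus ET Open-NoGPL subscriber not receiving #1313, and the same sid carried at different revisions in two sets) can be checked mechanically. The following is an added example, not code from the thread or from either project; the rule bodies, revisions, and all sids other than 1313 are constructed sample data.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")
ACTIONS = ("alert", "drop", "pass", "log", "reject")

def parse_rules(text):
    """Map sid -> (rev, enabled); a rule commented out with '#' counts as disabled."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith("#")
        body = line.lstrip("# ")
        sid = SID_RE.search(body)
        if not body.startswith(ACTIONS) or not sid:
            continue
        rev = REV_RE.search(body)
        rules[int(sid.group(1))] = (int(rev.group(1)) if rev else 0, enabled)
    return rules

def enabled_sids(rules):
    return {sid for sid, (_, on) in rules.items() if on}

def coverage_gap(et_open, vrt_gpl, et_nogpl):
    """Sids enabled in ET Open that a VRT GPL + Open-NoGPL user does not run."""
    return sorted(enabled_sids(et_open) - enabled_sids(vrt_gpl) - enabled_sids(et_nogpl))

def rev_drift(a, b):
    """Sids present in both sets whose rev differs: {sid: (rev_a, rev_b)}."""
    return {s: (a[s][0], b[s][0]) for s in sorted(a.keys() & b.keys()) if a[s][0] != b[s][0]}

# Constructed sample rule text (not real rule bodies).
ET_OPEN = """
alert tcp any any -> any 80 (msg:"constructed GPL rule A"; content:"aaa"; sid:1313; rev:6;)
alert tcp any any -> any 80 (msg:"constructed GPL rule B"; content:"bbb"; sid:1201; rev:9;)
alert tcp any any -> any 80 (msg:"constructed ET rule"; content:"ccc"; sid:2000001; rev:3;)
"""
ET_NOGPL = """
alert tcp any any -> any 80 (msg:"constructed ET rule"; content:"ccc"; sid:2000001; rev:3;)
"""
VRT_GPL = """
alert tcp any any -> any 80 (msg:"constructed GPL rule B"; content:"bbb"; sid:1201; rev:7;)
# alert tcp any any -> any 80 (msg:"constructed retired rule"; content:"ddd"; sid:1202; rev:2;)
"""

if __name__ == "__main__":
    et, nogpl, vrt = map(parse_rules, (ET_OPEN, ET_NOGPL, VRT_GPL))
    print("gap:", coverage_gap(et, vrt, nogpl))
    print("drift:", rev_drift(et, vrt))
```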
