From: Stefan Schantl
To: development@lists.ipfire.org
Subject: Re: Update for Snort and daq
Date: Sat, 03 Nov 2012 14:51:27 +0100
Message-ID: <5095215F.4070300@ipfire.org>
In-Reply-To: <62F9B174-A6BC-4393-9D16-46517F51C4F1@ipfire.org>

Hello Erik,

I've downloaded your image and installed it on a Virtual Machine.

Set up the new snort with the ruleset from emergingthreats.net without
any problems.

I activated the scan rules, and tested them by scanning the system with
nmap - snort successfully generated messages on the alert log file.

I also tested if guardian also works with the new version of snort, and
the IP address of the "nmap system" has been blocked.

Best regards,

Stefan

> Hi Michael,
> I have tested some ICMP and Shellcode rules. The rules need to be
> activated for special purposes by clicking the category and selecting
> the specifics. The test has been done with the VRT Sourcefire rules
> (for registered users); so far the alerts are working and they are
> also displayed by the WUI. But I think it is important that more
> testing environments go for a checkout.
> Also, I have checked the logs for specific warnings and errors and I
> haven't found any errors or heavy warnings, only some old well-known
> messages which don't constrain the functionality of Snort.
>
> But as I said, the more people are testing the better it is.
>
> Erik
>
> On 01.11.2012 at 17:52, Michael Tremer wrote:
>
>> Hey,
>>
>> I would love to see some people testing this, because snort is scheduled
>> for the next core update.
>>
>> Arne is going to merge this soon and so I guess that there will be a few
>> days until this appears in the testing tree.
>>
>> Michael
>>
>> On Thu, 2012-11-01 at 17:16 +0100, Erik K. wrote:
>>> Hi all,
>>> I want to inform you that I have committed an update to the latest
>>> version of Snort 2.9.3.1 and also of daq 1.1.1. There have been a lot
>>> of changes, for example the configuration file from Snort has been
>>> changed, also there are a couple of new rules contained and some more.
>>> Patches and an .iso image with both updates can be found in the
>>> Bugtracker --> https://bugzilla.ipfire.org/show_bug.cgi?id=10255
>>>
>>> Please test it and leave some feedback.
>>>
>>> Thanks and greetings
>>>
>>> Erik