On Mon, Aug 25, 2003 at 02:27:41AM +0100, Steve Kemp wrote:
>   (Essentially apt-get + apt-cache for snort rules.  Clearly packaging a
>   single rule file within one package is a gross misuse of resources but
>   it might be sufficient if they were signed and hosted somewhere
>   sensible..)

Such a system as you describe would be fine, and should somehow be
incorporated into the Debian release design (especially since snort is
by no means the only package that would benefit) but it doesn't get you
around the current issue, which is that there simply are no new rules
being developed for woody's snort.

I can think off-hand of at least one other security related tool that
needs frequent updating of a ruleset: nessus.  It is an active probing
tool that scans a network for vulnerable systems.  If it doesn't have a
current set of rules, it may fail to identify vulnerable systems,
leading to the same issues that snort has.


Attachment: pgp0miX4DCekT.pgp
Description: PGP signature

Reply via email to