On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote:
> No. New attacks represent security threats. Old attacks represent
> curiosities, at best (i.e. have you seen any Redhat 6.2 rpc.statd attacks
> lately?)
>
> An intrusion detection system that can not detect known intrusions is not
> useful.

The snort in stable _can_ detect known intrusions. It cannot detect _all_ known intrusions, but if an IDS which cannot detect _all_ known intrusions is not useful, then no version of snort is useful.

Once snort gets to the point where new rules are usually compatible with the old engine, I think this problem can be addressed by a process to update the rules.

-- 
 - mdz