Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-29 Thread Sander Smeenk
Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]): [Short version: see the patch below.] (after a few days w/o answers from Snort's maintainer) Sander, any comments wrt to this patch? Please at least say whether you are going to forward this to Snort maintainers or use it in

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-28 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 26, 2003 at 01:29:31AM +0200, Javier Fernández-Sanguino Peña wrote: [Short version: see the patch below.] (after a few days w/o answers from Snort's maintainer) Sander, any comments wrt to this patch? Please at least say whether you are going to forward this to Snort maintainers

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-26 Thread Matt Zimmerman
On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote: No. New attacks represent security threats. Old attacks represent curiosities, at best (i.e. have you seen any Redhat 6.2 rpc.statd attacks lately?) An intrusion detection system that can not detect known intrusions is not

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-26 Thread Matt Zimmerman
On Tue, Aug 26, 2003 at 12:24:11AM +0200, Sander Smeenk wrote: This problem only exists for snort packages that aren't going to be updated, like the ones that reach stable. The unstable package is up to date enough to have all correct rules, imho. The other thing is, snort.org's people

On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-25 Thread Javier Fernández-Sanguino Peña
On Sun, Aug 24, 2003 at 07:32:10PM -0400, Noah L. Meyerhans wrote: Snort depends on a set of rules to detect potentially malicious traffic. Obviously this set of rules needs to be updated on a regular basis in order to keep up with new security issues. The problem is that the version of

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-25 Thread Noah L. Meyerhans
On Mon, Aug 25, 2003 at 01:56:40PM +0200, Javier Fernández-Sanguino Peña wrote: That's not correct, it cannot detect _new_ potentially harmful traffic. There's quite a lot of potentially harmful traffic (stable) snort can detect. The fact that it's not up-to-date does not mean that it's

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-25 Thread Javier Fernández-Sanguino Peña
On Tue, Aug 26, 2003 at 12:24:11AM +0200, Sander Smeenk wrote: Really, the way to fix this package X needs data Y to be up-to-date is to: a) separate data from the package (Nessus plugins are available in the 'nessus-plugins' package and can be updated separately, for example) snort has

Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)

2003-08-25 Thread Sander Smeenk
Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]): Thus, it can't detect potentially harmful traffic. That's not correct, it cannot detect _new_ potentially harmful traffic. There's quite a lot of potentially harmful traffic (stable) snort can detect. The fact that it's not