Snort is not a SIGNATURE BASED REACTIVE SECURITY DEVICE, users running Snort 2.3.x can use Oinkmaster to get new (VRT) rules if they have the need.
Those that say that Snort 2.3 with the default rules it provided (which are way more than the current "GPL" ruleset at snort.org) is useless have no idea about security. Snort is not an antivirus, it's an IDS, not having a signature for an attack does not mean it will not block it, as it cannot block any attacks (Snort-inline support) is not available in the Debian packages. It just means that the administrator will not get an alert. There's nothing preventing 2.3 users to update their signatures (or develop their own), they will just not get the benefit of new decoding modules. This is actually better than it sounds, since most of the recent Snort security vulnerabilties (remote attacks) are related to the latest and shiniest decoding modules. -- version of snort in universe is dead https://launchpad.net/bugs/56533 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
