--On Thursday, June 09, 2005 08:27:59 -0500 Eric Hines
<eric.hines@appliedwatch.com> wrote:
I can see two courses of action to prevent this in the future:
1) In the rule submission page at bleeding-edge, limit variable selection
to only those standard variables found in the official snort.conf file
that the user must adhere to.
2) Create the bleeding-edge snort.conf file and distribute it with the
tarballs.
What do I see as the best approach to this? Change Erik's signatures to be
the standard port 22 and go with option 1. How much work do we expect to
all do on behalf of the thousands of rules that come in to this project? I
personally wouldn't have time to create a new variable and add it to the
bleeding snort.conf file every time someone wants to create a
$MY_ELITE_VAR_BECAUSE_I_RUN_FTP_ON_PORT_2121_TO_AVOID_HACKS
I see a third. Don't use bleeding rules. Nobody is forcing you to do so,
and when you do, you do so at your own risk. Just as you do when you write
your own (which is what I do).
To paraphrase Eric Fichtner, "Grow up!"
But this horse was dead two days ago.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
