Snort

Alessandro Tanasi alessandro at lonerunners.net
Fri Jul 6 16:46:08 BST 2007


Hi all,
I am a MOTU hopeful and a great snort user.

I see that the snort package in Ubuntu is very old (and bugged); it is
version 2.3.3-9, whereas the actual snort version from http://www.snort.org
is 2.6.1.5.

This is caused by this Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320920

Snort is released under the GPL and up to and including version 2.3.3
included a ruleset. But since then only Snort itself is distributed
under the GPL, the (VRT) rules are now under a less free license. Of
course the user can get them for free, but with a 30 day delay and only
after registering with SourceFire.

I want to say that the common user never uses the rules provided by
Debian because they are too widespread and generate a lot of false
positives.

I think this reasoning makes no sense, for a number of reasons:
1. Snort can be useful even without any rules: it can detect anomalies
in stream tracking, dns, ftp, http, smtp. It can provide statistics,
capture traffic.
2. Managing the Snort rules through the very static Debian packages
system makes no sense in the first place. Many of the rules change weekly
or even daily. Debian would never update the package for this.
Oinkmaster should be used for this, and Debian provides this tool as well.
3. People can write their own rules.
4. There still are many free rules available. The Snort community rules
are GPL licensed, Bleeding rules are BSD licensed. Together they have
thousands of rules.

So I ask:
1) Can I package only snort (without rules) and upload it to revu?
2) I see that the old Debian snort package uses an old patching system; can I
remake it?
3) Can I create a Snort MOTU Team to write a set of GPL rules for
Ubuntu snort?

Thanks.

--
Bye,
Alessandro Tanasi
Email: alessandro at tanasi.it
Jabber: jekil at jabber.linux.it