Update to snort- comming

  • I have sent the Pfsense core team email about my improvements to the snort Pfsense CVS Repository.
    Hopefully Pfsesne snort will be updated to snort- in a few days. The improvements I have made
    work with Pfsense 1.2.2 and Pfsense 1.2.3.

    I am also testing snort 2.8.4 rc1 with Pfsense 1.2.3 and all is well so far. Once snort 2.8.4 final is released by Sourcefire snort for
    Pfsense will have to be immediately updated. The immediate update will have to be done because the rules from Sourcefire
    will no longer work with any snort version less than 2.8.4.

    Snort 3.0 or SnortSP 3.0 is the next big version from Sourcefire and from what I have read it is a completely different application than
    what we have seen. The core team may have to make some changes to the snort GUI to make SnortSP 3.0 work. I don't see any big 
    problems because our community has never failed us. On the plus side, SnortSP 3.0 will have the ability to change snort rules on the fly
    without restarting SnortSP engine.

  • If I could put up a little dude to dance in this post I would so a BIG !!!!YIPPIE!!!! will have to do  ;)
    ;D :o ;D :o ;D :o ;D :o ;D 8) ;D 8) :o ;D :D 8) :o  :o ;D :D ;D :D 8) :o ;D :D :o ;D :D 8) ;D :D 8) >:( ;D

    Looking forward to the updates and thanks for all the hard work guys!! We all appreciate it very much!!

  • ditto!

  • jamesdean when do you think that you will be releasing snort- or 2.8.4 rc1

    are you going to include the ability to download  emergingthreats.net rules

    like you can chose between downloading emergingthreats rules and the original snort rules

    or download both.

    you can leave the Oinkmaster code blank if you don't want to download/include the original snort rules
    and a simple box to check if you want to download/include emergingtreat rules or you can download/include both


  • jamesdean, would you happen to know whether mysql support is builtin with pfsense package?
    I am asking because I want to have Snort sending all alerts to another box where I have BASE installed.
    This is how it works at the moment with my current router (I had to recompile Snort for that because it was not included).

  • I would love to see it work with emerging threats.  maybe this can be done by manual adding those under the rules directory

  • Is there any progress on this?

    SANS recommends http://isc.sans.org/diary.html?storyid=6151&rss that all users upgrade to 2.8.4, as changes to the netbios rule format mean that all versions < 2.8.4 do not receive updates to netbios rules after 2009-04-08 (+ 30 days if you are a freeloader)



Log in to reply