Update to snort-220.127.116.11 coming
I have sent the Pfsense core team email about my improvements to the snort Pfsense CVS Repository.
Hopefully Pfsense snort will be updated to snort-18.104.22.168 in a few days. The improvements I have made
work with Pfsense 1.2.2 and Pfsense 1.2.3.
I am also testing snort 2.8.4 rc1 with Pfsense 1.2.3 and all is well so far. Once snort 2.8.4 final is released by Sourcefire, snort for
Pfsense will have to be immediately updated. The immediate update will have to be done because the rules from Sourcefire
will no longer work with any snort version less than 2.8.4.
Snort 3.0 or SnortSP 3.0 is the next big version from Sourcefire and from what I have read it is a completely different application than
what we have seen. The core team may have to make some changes to the snort GUI to make SnortSP 3.0 work. I don't see any big
problems because our community has never failed us. On the plus side, SnortSP 3.0 will have the ability to change snort rules on the fly
without restarting SnortSP engine.
If I could put up a little dude to dance in this post I would, so a BIG !!!!YIPPIE!!!! will have to do ;)
;D :o ;D :o ;D :o ;D :o ;D 8) ;D 8) :o ;D :D 8) :o :o ;D :D ;D :D 8) :o ;D :D :o ;D :D 8) ;D :D 8) >:( ;D
Looking forward to the updates and thanks for all the hard work guys!! We all appreciate it very much!!
jamesdean, when do you think that you will be releasing snort-22.214.171.124 or 2.8.4 rc1?
Are you going to include the ability to download emergingthreats.net rules?
Like, you can choose between downloading emergingthreats rules and the original snort rules,
or download both.
You can leave the Oinkmaster code blank if you don't want to download/include the original snort rules,
and a simple box to check if you want to download/include emergingthreats rules, or you can download/include both.
jamesdean, would you happen to know whether mysql support is built in with the pfsense package?
I am asking because I want to have Snort sending all alerts to another box where I have BASE installed.
This is how it works at the moment with my current router (I had to recompile Snort for that because it was not included).
I would love to see it work with emerging threats. Maybe this can be done by manually adding those under the rules directory.
Is there any progress on this?
SANS recommends http://isc.sans.org/diary.html?storyid=6151&rss that all users upgrade to 2.8.4, as changes to the netbios rule format mean that all versions < 2.8.4 do not receive updates to netbios rules after 2009-04-08 (+ 30 days if you are a freeloader)