Is OpenAppID dead?
-
Today I've set up Snort on a pfSense box for application blocking. I've seen that the file which is downloaded during setup was last updated in late 2017.
Will the file still be maintained?
Kind regards
-
@stauraum Not exactly sure where you are looking but I have .lua files dated 5th November:-
[2.4.5-RELEASE][admin@pfsense]/root: find / -name client_5by5_Radio.lua -print
/usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
[2.4.5-RELEASE][admin@pfsense]/root: ls -alg /usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
-rw-r--r-- 1 root wheel 2185 Nov 5 21:42 /usr/local/etc/snort/appid/odp/lua/client_5by5_Radio.lua
[2.4.5-RELEASE][admin@pfsense]/root:
Ah, you're looking at https://files.pfsense.org/openappid/appid_rules.tar.gz. I think it pulls some files off the Snort web site and the appid_rules.
@bmeeks would be the guy in the know.
-
The file was created by a set of volunteers at a University in Brazil. They maintained it for a time, but then stopped. The physical file is hosted by Netgate because the University where it was created used GeoIP blocking that was preventing users from some areas of the world from downloading the file. So Netgate agreed to grab it and host a copy on their servers.
However, it does appear the maintainers stopped updating the file quite some time ago. It is currently not updated so far as I know.
-
-
@stauraum said in Is OpenAppID dead?:
@nogamer @bmeeks Ok, I've found my services in "odp/appMapping.data", which was updated in November 2020. So I can create custom rules to block these services in my network.
I hope that this file is updated in the future.
I think there is some interest in updating the file from another party, but I can't say who for now. Perhaps they will choose to take over maintaining the OpenAppID text rules going forward.
In the meantime, you can certainly create your own custom OpenAppID rules to supplement those available in the standard archive. You found the proper location for identifying application names (in /usr/local/etc/snort/appid/odp/appMapping.data).
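The custom-rule approach described in the last reply, sketched as an added example that is not part of the original thread: a shell function that searches an appMapping.data file for application names and emits Snort 2.9 text rules using the `appid` rule option. It assumes the file is tab-separated with a numeric AppId in column 1 and the application name in column 2; the function name `gen_appid_rules`, the starting SID and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Builds OpenAppID text rules from
# appMapping.data for every application whose name contains a search term.
# Assumption: tab-separated file, column 1 = numeric AppId, column 2 = name.

gen_appid_rules() {
    # $1 = search term (case-insensitive)
    # $2 = path to appMapping.data
    # $3 = first SID to use (local rules conventionally start at 1000000)
    awk -F '\t' -v term="$1" -v sid="$3" '
        BEGIN { term = tolower(term) }
        # Skip blank or malformed lines: need a numeric id and a name.
        $1 !~ /^[0-9]+$/ || $2 == "" { next }
        # Skip names that would break rule syntax instead of mangling them.
        $2 ~ /[";,\\]/ { next }
        index(tolower($2), term) {
            # tcp only here; add a udp variant for UDP-based applications.
            printf "alert tcp any any -> any any (msg:\"OpenAppID custom: %s\"; appid:%s; classtype:policy-violation; sid:%d; rev:1;)\n", $2, $2, sid++
        }
    ' "$2"
}

# Demo on a constructed sample (not real appMapping.data content).
demo_appid_rules() {
    sample=$(mktemp)
    printf '1\tFacebook\t0\t1\t1\n' >  "$sample"
    printf '2\tFacebook Chat\t0\t2\t2\n' >> "$sample"
    printf '3\tICQ\t3\t3\t0\n' >> "$sample"
    printf '\nnot a mapping line\n' >> "$sample"
    gen_appid_rules facebook "$sample" 1000001
    rm -f "$sample"
}

demo_appid_rules
```

Review the generated names against the live file on the firewall before pasting the rules into the interface's custom rules, since an `appid` name that does not exist in appMapping.data will never match.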