snort-users October 2010 archive

Re: [Snort-users] Snort 2.9.0 Now Available

From: Russ Combs <rcombs_at_nospam>
Date: Tue Oct 05 2010 - 16:12:36 GMT
To: wkitty42@windstream.net

On Tue, Oct 5, 2010 at 12:00 PM, waldo kitty <wkitty42@windstream.net> wrote:

> On 10/5/2010 08:32, Russ Combs wrote:
> >
> > On Mon, Oct 4, 2010 at 10:52 PM, waldo kitty <wkitty42@windstream.net> wrote:
> >
> > the only libnet i find anywhere in our basic source directories seems to be
> > win32 related for some package(s) we use that support that environment... since
> > we're a *nix based environment, that one doesn't do us any good...
> >
> > libnet is a library. You may have installed it from a binary package or built
> > it from a source package but it is not part of the Snort source tree.
>
> as written above, there is no libnet in use at all in the product i'm working
> with... there's no libdnet, either... we've simply never had a need for either...
>

OK - libnet was only required for inline builds. I'm looking into a change
that may obviate dnet for Snort when active response is not configured.

>
> > > AFAIK, we don't use DAQ in our setup... pcap seems to be what we use
> [TRIM]
> > >
> > > With 2.9.0, you *must* use the DAQ. By default, you will wind up using a pcap
> > > DAQ, but the DAQ is a separate package that must be installed. This is new for
> > > 2.9.0.
> >
> > ugh! when does the madness end? :lol: i'll have to see if i can hunt up the
> > archive for that... hopefully it is available at
> > www.snort.org/ports/snort-current/ <http://www.snort.org/ports/snort-current/>
> >
> > You can find it here, along with Snort: http://www.snort.org/snort-downloads.
>
> i'd rather find it in a place that is automation and script friendly... that web
> page link is not :?
>

This is another issue worth sending to the web site maintainers.

>
> > > Also, the NFQ and IPQ DAQs require libdnet, but so does Snort 2.9.0.
> >
> > this begs the question of why DAQ wasn't included in the 2.9.0 archive so that
> > one only need grab that one archive, untar it and DAQ be available in the 2.9.0
> > source tree... it sure would make things a *lot* easier :?
> >
> > It would make things a tad easier for Snort installs but the DAQ is a generic
> > solution to packet acquisition problems and is packaged separately so that it
> > may find a life of its own.
>
> that's understandable... to a point... i can't count the numbers of times that
> i've included other packages in my releases that are standalone that my release
> required for operation... it just made sense to "make it as easy as possible"...
> it certainly didn't take away from the separation of the packages or their
> individuality ;)
>
> > this release really should be 3.something instead of 2.9 with changes like
> > these... but all we can do is either keep trying to move forward or dump snort
> > in the bitbucket and find something else :? that's not my call so all i can do
> > is try to keep beating snort into submission in my environment... it may very
> > well turn out that it gets dumped if we can't get 2.9.0 working and especially
> > if the rules updates get EOLed and leave our users with no rules to use...
> >
> > If you want to roll your own, I recommend you start with the DAQ ... :)
>
> hehehehehe, that's funny :)
