Re: [Snort-users] Snort 2.8.1 Release Candidate Now Available

--===============1997861956==
Content-Type: multipart/alternative;
boundary="----=_Part_10753_23442543.1206566999588"

------=_Part_10753_23442543.1206566999588
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

This should not affect your rule writing. However, dynamic attributes shoul=
d
help define your stream and frag policies on the fly with the assistance of
an asset identification tool.


Cheers,
Justin

On Wed, Mar 26, 2008 at 2:14 PM, Patrik Nordl=E9n <patrik.nordlen@sentor.se=
>
wrote:

> On Wednesday 12 March 2008 16.18.26 Snort Releases wrote:
> > Hi everybody,
> >
> > A release candidate version of Snort 2.8.1 is now available on
> > snort.org, at http://www.snort.org/dl/
> >
> > Feature highlights:
> >
> > * Support for target-based attribute tables
> [...]
>
> This feature seems VERY cool and a great step forward for Snort! I browse=
d
> through the manual for 2.8.1rc and found some information on how the file
> containing the attribute tables should be formatted - however I found no
> further information on how to actually use this new functionality when
> writing rules. I guess this will be added in the documentation before the
> final 2.8 comes out, but could someone in the know shed some light on thi=
s
> until then? Also, I'm curious as to whether this means all current rules
> will
> soon be rewritten to use these attributes primarily.
>
> Cheers,
> Patrik
>
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
>
> http://ad.doubleclick.net/clk;164216....net/marketpl=
ace
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/...rt-usersSnort=
-users>list archive:
> http://www.geocrawler.com/redir-sf.p...=3Dsnort-users
>

------=_Part_10753_23442543.1206566999588
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

This should not affect your rule writing. However, dynamic attributes shoul=
d help define your stream and frag policies on the fly with the assistance =
of an asset identification tool.<br><br><br>Cheers,<br>Justin<br><br><div c=
lass=3D"gmail_quote">
On Wed, Mar 26, 2008 at 2:14 PM, Patrik Nordl=E9n &lt;<a href=3D"mailto:pat=
rik.nordlen@sentor.se">patrik.nordlen@sentor.se</a>&gt; wrote:<br><blockquo=
te class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, 204, 204)=
; margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class=3D"Ih2E3d">On Wednesday 12 March 2008 16.18.26 Snort Releases wr=
ote:<br>
&gt; Hi everybody,<br>
&gt;<br>
&gt; A release candidate version of Snort 2.8.1 is now available on<br>
&gt; <a href=3D"http://snort.org" target=3D"_blank">snort.org</a>, at <a hr=
ef=3D"http://www.snort.org/dl/" target=3D"_blank">http://www.snort.org/dl/<=
/a><br>
&gt;<br>
&gt; Feature highlights:<br>
&gt;<br>
&gt; * Support for target-based attribute tables<br>
</div>[...]<br>
<br>
This feature seems VERY cool and a great step forward for Snort! I browsed<=
br>
through the manual for 2.8.1rc and found some information on how the file<b=
r>
containing the attribute tables should be formatted - however I found no<br=
>
further information on how to actually use this new functionality when<br>
writing rules. I guess this will be added in the documentation before the<b=
r>
final 2.8 comes out, but could someone in the know shed some light on this<=
br>
until then? Also, I'm curious as to whether this means all current rule=
s will<br>
soon be rewritten to use these attributes primarily.<br>
<br>
Cheers,<br>
<font color=3D"#888888">Patrik<br>
</font><br>----------------------------------------------------------------=
---------<br>
Check out the new SourceForge.net Marketplace.<br>
It's the best place to buy or sell services for<br>
just about anything Open Source.<br>
<a href=3D"http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net=
/marketplace" target=3D"_blank">http://ad.doubleclick.net/clk;164216239;135=
03038;w?http://sf.net/marketplace</a><br>__________________________________=
_____________<br>

Snort-users mailing list<br>
<a href=3D"mailto:Snort-users@lists.sourceforge.net">Snort-users@lists.sour=
ceforge.net</a><br>
Go to this URL to change user options or unsubscribe:<br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-us=
ers" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/snort-u=
sers<br>
Snort-users</a> list archive:<br>
<a href=3D"http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users" targ=
et=3D"_blank">http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users</a=
><br></blockquote></div><br>

------=_Part_10753_23442543.1206566999588--


--===============1997861956==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216...et/marketplace
--===============1997861956==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============1997861956==--