Is there a problem with using Oinkmaster? The novel concept of users possibly registering and using the rules themselves?
Really, is it all that useful to have an incomplete set of rules? Would you run an anti-virus program that had most of the 3+ year old virus definitions and 5% of the recent popular worms? Of course not, it wouldn't stop anything.

What we're looking at for options:

- Snort 2.3, GPL rules. Useless, old, not worth having because it won't protect you against the majority of malicious traffic (yes, hackers use new attacks, how novel)
- Snort 2.6, no rules. User has to get his own.

And what the user's looking at for options on top of it:

- Snort 2.3, registered feed. 5 days old, but up to date enough that we have all known exploits up to last week. Old, deprecated scanning engine though.
- Snort 2.6, registered feed. 5 days old but it's useful, and it's on a faster, more stable scanning engine that hasn't been discontinued.
- Either of the above with subscription, pay to get the rules 5 days earlier. For mission-critical networks, this is the best solution.

I don't find a SIGNATURE BASED REACTIVE SECURITY DEVICE to be useful without up to date signatures. Snort is an anti-virus program that's not hunting viruses, it still works under the same rules.

--
version of snort in universe is dead
https://launchpad.net/bugs/56533