Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)
On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote:
> No. New attacks represent security threats. Old attacks represent
> curiosities, at best (i.e. have you seen any Redhat 6.2 rpc.statd attacks
> lately?)
>
> An intrusion detection system that can not detect known intrusions is not
> useful.
The snort in stable _can_ detect known intrusions. It cannot detect _all_
known intrusions, but if an IDS which cannot detect _all_ known intrusions
is not useful, then no version of snort is useful.

Once snort gets to the point where new rules are usually compatible with the
old engine, I think this problem can be addressed by a process to update the
rules.
--
- mdz