
Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)



On Mon, Aug 25, 2003 at 12:11:07PM -0400, Noah L. Meyerhans wrote:

> No.  New attacks represent security threats.  Old attacks represent
> curiosities, at best (i.e. have you seen any Redhat 6.2 rpc.statd attacks
> lately?)
> 
> An intrusion detection system that can not detect known intrusions is not
> useful.

The snort in stable _can_ detect known intrusions.  It cannot detect _all_
known intrusions, but if an IDS which cannot detect _all_ known intrusions
is not useful, then no version of snort is useful.

Once snort gets to the point where new rules are usually compatible with the
old engine, I think this problem can be addressed by a process to update the
rules.

-- 
 - mdz


