Wednesday, December 14, 2011

Google Groups, Mailing Lists, and Forums, redux

Snort Community --

A year ago I asked the Snort Community which route would be preferable to take with methods of interaction within the community, the three options presented were Google Groups, Forums (as they were), or Mailing lists.  People voted in the vast majority for Google Groups.

The original intention for the Google Groups was to collapse the Forums and the Mailing lists and consolidate everything in to the Google Groups structure so we could have both a web-based forum and an email based forum for interacting with the rest of the Snort Community as well as the developers and maintainers of Snort, the official Snort ruleset, and all the projects that surround this large community.

Unfortunately this isn't working out for many reasons. 

  1. Shortly after we did this, Google separated "Google" accounts and "Google Business" accounts.  Making it nearly impossible to use a public Google Groups forum with a private Google Business account.  It is possible to do, but it takes a lot of work and isn't worth the trouble.
  2. We found that you can only add 10 members to a Google Group at a time, if you add too many, Google thinks you are spamming and they close the Group.  Well, with over 7000 members between the three lists, that would take quite some time to complete.
  3. We have 10+ years of history on the Snort Mailing lists, and I don't want to abandon that.

So moving forward, what I intend to do is lock the Google Groups, and move the members of the 3 Google groups over to the respective Snort Mailing list and subscribe everyone.  In the subscribe email, i'll provide instructions on where to log in and change your delivery method (some people prefer digest-mode) or even unsubscribe if you don't wish to receive email.  I'll move Snort-Devel first, Snort-Sigs, then Snort-Users.

This will provide the community with one place to ask and receive answers to questions.

I'm interested in hearing your feedback.


  1. Good idea!

    Would it also be possible for users wanting to get an archive in their usual mail workflow to get archives of previous incarnations of the ML as an mbox archive to import?

  2. What I will do is leave the Google Groups up for awhile. So they continued to be indexed. After 6 months or so, I'll delete them totally.

  3. HI
    I would like to know what rules do we have in snort for the following threats;

    1) Blackhole toolkit exploits using Java to exploit systems.
    2) Adobe FlashPlayer - Exploits available for CVE-2012-0751
    3) RDP exploit, which exploits vulnerabilities addressed in MS12-020.
    4) Flashback Trojan for MAC

  4. 1) We have approx 30 rules in the ruleset that deal with blackhole.
    2) We cover it.
    3) We cover it.
    4) We cover it, not only with Snort, but with our AV products as well.