As things stand, Snort is at version and is constantly being developed to integrate new and more powerful features and detection. The VRT fairly regularly receives inquiries from folks on how to get our current rule packages to seamlessly integrate with their existing versions of Snort, which are beyond their end of life (EOL). These versions currently include anything older than Snort, as found here: with set to ride off into the sunset on 2012-10-17.

The Sourcefire VRT is focused on providing the best protection possible. In order to do this, we need to make sure that our open source users upgrade to the newest version of Snort and pay heed to the EOL schedules. Simply put, the newer features that have been added, as well as most of the rules developed to combat present-day threats, will not work with older versions of Snort. This always leads us to recommend that you perform a simple upgrade.

Remember, your Intrusion Prevention System (IPS) is not an archaic performance machine that can be nurtured and tweaked with aftermarket parts, WD40, and duct tape in the hope that it’ll be the best it can be. Your IPS is meant to be the most advanced and up-to-date defensive technology you can put between you and the bad guys. Threats evolve every day. The VRT writes detection content as the Snort team writes code features, both of which evolve Snort to help you defeat these threats. Why would you not upgrade to get the best possible protection that your IPS is capable of providing?

Let us know if you need help by writing to the Snort-users mailing list found below.