IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Joel Esler <eslerj () gmail com>
Date: Thu, 19 Mar 2009 16:33:41 -0400
On Mar 19, 2009, at 4:30 PM, Paul Schmehl wrote:
--On Thursday, March 19, 2009 14:33:29 -0400 Joel Esler <eslerj () gmail com> wrote:

Would this be an appropriate use for byte_test or byte_jump?

That's what I was referring to when I mentioned applications. The problem with http traffic is that it's much more freeform and doesn't lend itself to byte_test and byte_jump type tests.

I'd probably use a combination of isdataat and pcre for this. As Marty said, 99.9999% of things can be found with plaintext Snort rules. Anything else, you can use an .so rule for.
-- Joel Esler T: 302-223-5974 (-) Gtalk: jesler () sourcefire com [m]