IDS mailing list archives

Re: Intrusion Detection Evaluation Datasets

From: Joel Esler <eslerj () gmail com>
Date: Thu, 19 Mar 2009 16:33:41 -0400

On Mar 19, 2009, at 4:30 PM, Paul Schmehl wrote:

--On Thursday, March 19, 2009 14:33:29 -0400 Joel Esler <eslerj () gmail com> wrote:
Would this be an appropriate use for byte_test or byte_jump?
That's what I was referring to when I mentioned applications. Theproblem with http traffic is that it's much more freeform anddoesn't lend itself to byte_test and byte_jump type tests.

I'd probably use a combination of isdataat and pcre for this. AsMarty said, 99.9999% of things can be found with plaintext Snortrules. Anything else, you can use an .so rule for.


--
Joel Esler T: 302-223-5974 (-) Gtalk: jesler () sourcefire com
[m]

Current thread:

Re: Intrusion Detection Evaluation Datasets, (continued)
- - - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stuart Staniford (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Joel Esler (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Joel Esler (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Jim Sansing (Ritasa LLC) (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)

(Thread continues...)