Snort mailing list archives
Re: [Snort-sigs] Packet Payload database?
From: Rodrigo Ramos <rodrigo.ramos () triforsec com br>
Date: Sat, 22 May 2004 08:48:51 -0300
Hi, You can find a good help at http://www.giac.org/GCIA.php. The book Intrusion Signatures and Analysis is also a good resource too. Best Regards, Rodrigo Ramos http://www.triforsec.com.br On Fri, 2004-05-21 at 17:50, Scott Zawalski wrote:
Is there a database available to the public that has captures of what some of these rules are looking for? I have looked around and not been able to find one. If older rules have broad defniitions that later on produce false positives, people cannot improve them without knowing what the rule was originally constructed for. With a database like this available it will help older rules be even more fined tuned as newer net traffic (homegrown apps) might incorporate traffic bits that produces false positives. I think that something along these lines would fit in perfectly with the current snort-rules documentation and would be easy to keep up to date. As new rules come up simply attach the payload you produced it from. Scott ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Packet Payload database? Scott Zawalski (May 21)
- Re: [Snort-sigs] Packet Payload database? Rodrigo Ramos (May 22)