Re: [Snort-sigs] Packet Payload database?

[Rodrigo Ramos <rodrigo.ramos () triforsec com br>]

Hi,

You can find a good help at http://www.giac.org/GCIA.php.
The book Intrusion Signatures and Analysis is also a good resource too.

Best Regards,
Rodrigo Ramos
http://www.triforsec.com.br


On Fri, 2004-05-21 at 17:50, Scott Zawalski wrote:
> Is there a database available to the public that has captures of what 
> some of these rules are looking for? I have looked around and not been 
> able to find one.
>
>  If older rules have broad defniitions that later on produce false 
> positives, people cannot improve them without knowing what the rule was 
> originally constructed for. With a database like this available it will 
> help older rules be even more fined tuned as newer net traffic 
> (homegrown apps)  might incorporate traffic bits that produces false 
> positives.
>
> I think that something along these lines would fit in perfectly with the 
> current snort-rules documentation and would be easy to keep up to date. 
> As new rules come up simply attach the payload you produced it from.
>
> Scott
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 10g. 
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

Attachment: signature.asc
Description: This is a digitally signed message part