Snort mailing list archives
RE: Create ACID AG
From: "James Ashton" <James () vortechhosting com>
Date: Tue, 27 Apr 2004 09:53:24 -0400
While I certainly DON'T want to detract from the sig base on snort.org I must say that for me, it is always a LITTLE behind where I would like it. I am hoping that by having a Sig Database that we all keep current with the sigs that we write then everyone can have a little more chance of catching something that they might have otherwise missed. I monitor a network with over 60 servers and over 10,000 IPs. I have 200Mb/s being sniffed and with the various OSs that I have my sig-base is pretty large... in order to make IDS useful to me I need to keep the sig-base as up to date as possible with as many of the new worm and exploit sigs in the base as possible and as few of the sigs that don't apply to me. In my environment it is very difficult to know what is an attack and what is user stupidity, so this up to date-ness is very important to me. That's why I thought that this needed to be done. Not to replace the snort sig-base but to allow myself and the others that need it to more easily keep up to date... this way if I write a good sig for something you don't need to write the same thing... you can just use mine... etc. I think we all write custom sigs... that is the point of having the local.rules file... this just makes it easier.