Snort mailing list archives

RE: Create ACID AG


From: "James Ashton" <James () vortechhosting com>
Date: Tue, 27 Apr 2004 09:53:24 -0400

While I certainly DON'T want to detract from the sig base on snort.org I
must say that for me, it is always a LITTLE behind where I would like
it. I am hoping that by having a Sig Database that we all keep current
with the sigs that we write then everyone can have a little more chance
of catching something that they might have otherwise missed.

I monitor a network with over 60 servers and over 10,000 IPs. I have
200Mb/s being sniffed and with the various OSs that I have my sig-base
is pretty large... in order to make IDS useful to me I need to keep the
sig-base as up to date as possible with as many of the new worm and
exploit sigs in the base as possible and as few of the sigs that don't
apply to me. In my environment it is very difficult to know what is an
attack and what is user stupidity, so this up to date-ness is very
important to me. That's why I thought that this needed to be done. Not
to replace the snort sig-base but to allow myself and the others that
need it to more easily keep up to date... this way if I write a good
sig for something you don't need to write the same thing... you can just
use mine... etc. I think we all write custom sigs... that is the point
of having the local.rules file... this just makes it easier.

