Snort mailing list archives

Re: Reliability of signatures

From: Crusty Saint <saintcrusty () gmail com>
Date: Fri, 4 Feb 2011 17:12:13 +0100

For now a flag for false-pos and one for false-neg would be nice to have.
Never mind digging into snort.org/search every time.

2011/2/4 Martin Roesch <roesch () sourcefire com>

On Fri, Feb 4, 2011 at 10:16 AM, Jim Hranicky <jfh () ufl edu> wrote:

On Fri, 4 Feb 2011 09:13:12 -0600
Martin Holste <mcholste () gmail com> wrote:

Seems like there'd almost need to be a central place that various
entities could report their findings. I know we've got rules that we
rely on heavily and work very well for us, but other than mailing

lists

there's no place to report our findings.


Hm, you mean like a vote up/down system like StackOverflow.com?  That
could be really interesting.  It would be very valuable to see what
others are finding to be helpful.


Sure, something like that - that would actually be very cool.


I like that idea too.  It'd make a lot of sense to integrate it into
snort.org - in fact there's probably a lot of data about Snort
detection performance, config options and rule quality we could put up
there.  Communication favors the defender...

Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org


------------------------------------------------------------------------------
The modern datacenter depends on network connectivity to access resources
and provide services. The best practices for maximizing a physical server's
connectivity to a physical network are well understood - see how these
rules translate into the virtual world?
http://p.sf.net/sfu/oracle-sfdevnlfb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-- 
- - -
Security Engineer - Tags: Analyst Systems Security Linux Firewall Network
Web Troubleshooting - If you think I deserve a rant, write me off-list

------------------------------------------------------------------------------
The modern datacenter depends on network connectivity to access resources
and provide services. The best practices for maximizing a physical server's
connectivity to a physical network are well understood - see how these
rules translate into the virtual world? 
http://p.sf.net/sfu/oracle-sfdevnlfb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Reliability of signatures, (continued)
- - - Re: Reliability of signatures waldo kitty (Feb 04)
    - Re: Reliability of signatures waldo kitty (Feb 04)
    - Re: Reliability of signatures Martin Holste (Feb 04)
    - Re: Reliability of signatures Matthew Jonkman (Feb 04)
    - Re: Reliability of signatures Crusty Saint (Feb 04)
    - Re: Reliability of signatures Matthew Jonkman (Feb 04)
    - Re: Reliability of signatures Fraser, Hugh (Feb 07)
    - Re: Reliability of signatures Martin Holste (Feb 04)
    - Re: Reliability of signatures Fraser, Hugh (Feb 07)
    - Re: Reliability of signatures Michael Scheidell (Feb 04)
    - Re: Reliability of signatures Crusty Saint (Feb 04)
    - Re: Reliability of signatures Michael Scheidell (Feb 04)
    - Re: Reliability of signatures Crusty Saint (Feb 04)
    - Re: Reliability of signatures waldo kitty (Feb 04)
    - Re: Reliability of signatures Fraser, Hugh (Feb 07)