Snort mailing list archives
Re: [Emerging-Sigs] Reliability of signatures
From: Crusty Saint <saintcrusty () gmail com>
Date: Thu, 10 Feb 2011 16:06:47 +0100
somehow this makes me wonder if human-readable rules are ( yes or no ) a strategical or tactical advantage, though as an admin it definitely is an advantage 2011/2/10 Michael Scheidell <michael.scheidell () secnap com>
On 2/10/11 8:30 AM, Michael Stone wrote: Well, even that distincion isn't so clear. Does "what it's supposed to be looking for" mean "the string the signature was written against" or "the malware the signature was written against"? if someone is scanning my LAMP network for IIS6 holes, are those FP's? btw, when on the icsa labs anti-spam initial steering group, all the vendors argues about was a SPAM and HAM was. that was the largest, longest and noisiest and most contentious issue. what is a spam? a) from email admin perspective: b) from user perspective. from a user, its 'something I didn't want, even if I signed up for it' ham? something I wanted, even if I didn't sign up for it. needed to come to an agreement, since part of the icsa labs certification was > 95% spam capture, and less then 1 in 100,000 FP's. so, if brother in law on aol gets a joke fwd to him, that has been around 100 times, and sends it to user, and the (business tuned) anti-spam engine blocks it, is that a FP? -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 ISN: 1259*1300*| *SECNAP Network Security Corporation- Certified SNORT Integrator - 2008-9 Hot Company Award Winner, World Executive Alliance - Five-Star Partner Program 2009, VARBusiness - Best in Email Security,2010: Network Products Guide - King of Spam Filters, SC Magazine 2008 ------------------------------ This email has been scanned and certified safe by SpammerTrap®. For Information please see http://www.secnap.com/products/spammertrap/ ------------------------------ ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- - - - Security Engineer - Tags: Analyst Systems Security Linux Firewall Network Web Troubleshooting - If you think I deserve a rant, write me off-list
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Emerging-Sigs] Reliability of signatures, (continued)
- Re: [Emerging-Sigs] Reliability of signatures Jacob Kitchel (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Martin Roesch (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Michael Scheidell (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Joel Esler (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Seth Hall (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 11)
- Re: [Emerging-Sigs] Reliability of signatures Crusty Saint (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matt Olney (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures Matthew Jonkman (Feb 10)
- Re: [Emerging-Sigs] Reliability of signatures List Subscriptions (Feb 10)
- Re: Reliability of signatures Jason Wallace (Feb 04)
- Re: Reliability of signatures Martin Holste (Feb 04)
- Re: Reliability of signatures Michael Scheidell (Feb 04)
- Re: Reliability of signatures Fraser, Hugh (Feb 07)
- Re: Reliability of signatures Martin Holste (Feb 04)
- Re: Reliability of signatures Jason Wallace (Feb 04)
- Re: Reliability of signatures beenph (Feb 04)