Snort mailing list archives
building a local IP reputation
From: 김무성 <kimms () infosec co kr>
Date: Tue, 26 Jul 2011 16:38:06 +0900
Hello list. I'm researching about building a local IP reputation for our product(IDS). There are few factor for building reputation. Risk rate, False positive rate, global IP reputation, rule's lifecycle Example) Risk rate is from 1 to 5. 5 is very risk. False positive rate from 1 to 5. 5 means that there is no FP. So, 5x5 = IP reputation is very bad. In addition, global IP reputation (from Symantec or McAfee, etc) and rule's lifecycle help scoring. Example) if above log has a bad IP reputation and in the lifecycle, this must be a real attack. Are there any other factors which help to calculate reputation score? (in the field of network-based signature) Or material, article ------------------------------------------------------------------------------ Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- blacklist file for reputation processor 김무성 (Jul 20)
- Re: blacklist file for reputation processor Alex Kirk (Jul 21)
- Re: blacklist file for reputation processor Will Metcalf (Jul 21)
- Re: blacklist file for reputation processor Steven Sturges (Jul 21)
- Re: [Snort-users] blacklist file for reputation processor Matthew Jonkman (Jul 21)
- Re: [Snort-users] blacklist file for reputation processor Joel Esler (Jul 21)
- Re: [Snort-users] blacklist file for reputation processor Pablo (Jul 21)
- Re: [Snort-users] blacklist file for reputation processor 김무성 (Jul 26)
- building a local IP reputation 김무성 (Jul 26)
- Re: [Snort-users] blacklist file for reputation processor Matthew Jonkman (Jul 26)
- Re: blacklist file for reputation processor Will Metcalf (Jul 21)
- Re: blacklist file for reputation processor Alex Kirk (Jul 21)
- Re: blacklist file for reputation processor Will Metcalf (Jul 21)