Re: flowbits: netsenum

[waldo kitty <wkitty42 () windstream net>]

On 5/30/2013 17:52, Joel Esler wrote:
> On May 30, 2013, at 4:05 PM, waldo kitty <wkitty42 () windstream net
> <mailto:wkitty42 () windstream net>> wrote:
>
> > the fact that our environment it its own
> > distribution and not one of the big name brand one adds complication to the
> > process since they are distributed only in compiled form...
>
> Let me also correct this statement. We ship the large majority of SO rules in
> open form (meaning you can compile them yourself). There are very few rules out
> that are part of our NDA agreement to obfuscate the detection being done through
> an SO. We've only shipped one obfuscated rule (I think) in the past two years,
> and that's because its a zero day that we've reported to the vendor.
>
> The vast majority of SO rules you can download the source for (it's included in
> the tarball) and compile on your own machine.

thanks for the clarification! things didn't used to be this way but now that 
things have changed, it may be easier for us to provide the SO rules for our 
limited and closed environment... it is something that i will endeavor to dig 
into more and see what is what :)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!