[Snort-devel] [robert_david_graham at ...83...: Rapid response]

Joe McAlerney joey at ...63...
Mon Oct 23 19:27:36 EDT 2000


Martin Roesch wrote:

> So, if I and all of you didn't suck so much, we could maybe do something as
> spiffy as SecureNet Pro. ;)

Yes, that was a painful thread.  I was looking forward to your reply
when you got back from SANS.  I found it interesting how SecureNet Pro's
site boasts their anti evasion tactics to catch creatively crafted
attacks when it's rule base only contains "more than 300 common attack
signatures".  There's more than 4 times that many Snort rules.  I guess
one way to limit false positives is to have false negatives.

-Joe M.

Disclaimer: The above opinions belong entirely to me and my cup of
coffee.  They do not necessarily reflect the opinions of my employer.



More information about the Snort-devel mailing list