[Snort-devel] accurate snort profiles

Gianni Tedesco gianni at ...1804...
Fri Jan 31 10:42:17 EST 2003


On Fri, 2003-01-31 at 15:53, Daniel Roelker wrote:
> Snort 2.0 (cvs HEAD) has had significant changes made to the detection
> engine, and probably has no resemblance to the 1.9 profile.  It would be
> interesting to see the differences between the two.

OK, will do that on my next set, I assume the snort 1.9.0 rules will
still work OK?

> Thanks a lot, and let us know what you find out.

No problems, I now have updated profiles up at the same URLs, check out
the following URL for information on the hardware, software, configs,
data sets, rulesets used:

http://www.scaramanga.co.uk/firestorm/developers.html

I have left in kernel and library (glibc etc.) profiles because that's a
little more helpful.

I'll try and get snort2 profiled in my next run, I'll do a series of
data files and a series of rules next time. Perhaps even do some graphs
if I'm feeling frisky :)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D