[Snort-sigs] Sids 659 and 660 (again)
bmc at ...8...
Fri Aug 31 21:15:04 EDT 2001
On Sat, Sep 01, 2001 at 12:15:18PM +1000, John Berkers wrote:
> Despite arachnids no longer being maintained, I believe that the reference
> info there is still relevant. If there were some replacement source of
> reference information that we could refer to, even for things as innocuous
> as a ping, that could give us an alternative. CVE references are of course
> still essential, since these provide additional references to CERT, vendor
> and other advisories (pity Max didn't include CVE references in his rules).
> At this stage I'm not offering to try and build a site such as suggested
> above, but I am wondering if there is a site that offers such a service
> (other than Whitehats). Obviously quite a bit of work would need to go into
> it to get it up and running, and then there is the maintenance of it.
We are in the process of building such a database, and providing copies
of the database for free. (Unlike Max's database).
Its a complex beast, and we are trying to do it right the first time as
to allow for growth and future/backward compatability. Its a difficult
task. So it is taking a while.
More information about the Snort-sigs