[Snort-sigs] Sids 659 and 660 (again)

Brian Caswell bmc at ...8...
Fri Aug 31 21:15:04 EDT 2001


On Sat, Sep 01, 2001 at 12:15:18PM +1000, John Berkers wrote:
> Despite arachnids no longer being maintained, I believe that the reference
> info there is still relevant.  If there were some replacement source of
> reference information that we could refer to, even for things as innocuous
> as a ping, that could give us an alternative.  CVE references are of course
> still essential, since these provide additional references to CERT, vendor
> and other advisories (pity Max didn't include CVE references in his rules).
> 
> At this stage I'm not offering to try and build a site such as suggested
> above, but I am wondering if there is a site that offers such  a service
> (other than Whitehats).  Obviously quite a bit of work would need to go into
> it to get it up and running, and then there is the maintenance of it.

We are in the process of building such a database, and providing copies
of the database for free.  (Unlike Max's database).  

Its a complex beast, and we are trying to do it right the first time as
to allow for growth and future/backward compatability.  Its a difficult
task.  So it is taking a while.

-brian




More information about the Snort-sigs mailing list