[Snort-sigs] Sig 1313 documentation and questions

Brian bmc at ...95...
Sat Jun 7 18:27:10 EDT 2003


On Sat, Jun 07, 2003 at 05:46:15PM -0700, Gauldin Sean wrote:
> I have some rules documented and am more than willing
> to submit them if the rule below is satisfactory with
> regards to the information and verbage. I didn't want
> to waste anyones time or space by submitting
> incorrect/unsatisfactory sig documentation. I have all
> of the inappropriate content (i.e. PORN) rules
> documented and some others (p2p clients,PCanywhere).

Per your documentation, Nigel is on vacation at the moment.  When he
gets back, I'm sure he will let you know.  BTW, I wrote the porn
rules.  It was such hard ... work :)

> I also have a question regarding a possible new snort
> rule category. I am not trying to turn snort into a
> content monitoring application, but it seems as though
> some of the rules are related to company policy
> violations. So, I thought I would throw up the idea of
> mail-monitor.rules and see how it would fly. These
> rules would basically mirror some of the previously
> submitted inappropriate content rules, as-well-as
> possible vulgar, racial, and demoralizing remarks. I
> know in some businesses one is just as bad as the
> other,but either way just a thought. If it is
> something worthwhile I can get some rules for it. 

Well, feel free to put it together and host it somewhere.  I'm sure
other people would love that type of ruleset, though I don't think
I'd accept it into the "official" set.  (Though, if enough people
chime in and you keep it up-to-date, we can discuss it further...)

I've been thinking about hosting unofficial rulesets people put
together on snort.org for a while.  I'll make you a deal.  If you keep
it up to date, I'll host it on snort.org for all to download in the
contrib section.

-brian




More information about the Snort-sigs mailing list