[Snort-sigs] Signature Database

Lancaster, J Jackson Contr SAF/FMPT jackson.lancaster at ...2417...
Mon Apr 26 07:39:16 EDT 2004


Sorry, this isn't my site.  I just found a link to it on the
fulldisclosure list.

-----Original Message-----
From: Mark Fagan [mailto:r00t at ...2419...] 
Sent: Monday, April 26, 2004 9:36 AM
To: Lancaster, J Jackson Contr SAF/FMPT
Subject: Re: [Snort-sigs] Signature Database


Hi there,

Just registered at your site.

I, as well as thousands of others, would like to see all current AV
signatures so that we can quickly add them to our sensors from a single
location.

I would be in a position to help with this. I also think it would be a
very good idea to allow people to download the entire ruleset each day
at, say, 6:00 GMT, where you are guaranteed to get the latest version of
that particular day's events.

I would speak with Jeff Dell (www.activeworx.com), who is the author of
IDS Policy Manager, used by many Snorters, and ask him to add a download
option from www.snort.gitflorida.com.

Let me know what you think.

Cheers

Mark

Quoting "Lancaster, J Jackson Contr SAF/FMPT"
<jackson.lancaster at ...2417...>:

> Someone had asked about a repository for Snort signatures.  I found 
> this on fulldisclosure
>  
> Snort Signature Database.... Sort of 
> http://seclists.org/lists/fulldisclosure/2004/Apr/0936.html
>  
> I, among many other people that I know, am interested in keeping our
> snort installations as relevant as possible. The most important single
> activity in this is to keep the signature base up to date. I think
> that the snort.org guys have done a really wonderful job of releasing
> signatures frequently, but I would like to be able to keep more up to
> the minute with new exploits than they or any other group really can.
> 
> 
> I run regular searches and often see people posting signatures on this
> and other lists but.... I thought it would be handy to have a single
> "repository" of sorts. So with this in mind I set up phpBB (Yeah I
> know) and am opening it up to everyone while I work on a better
> interface to put our signatures into. I figured that this was easy and
> searchable.
> 
> 
> I would ask that your post titles be relevant to the signature... such
> as
> 
> 
> 
> "Microsoft - SSLv3 sig - new" or
> 
> 
> "Cisco IOS 12.1 buffer overflow attack production"
> 
> 
> This will make it easier down the road, if anyone actually uses this,
> and the signature base grows... I am planning to keep this up no
> matter how big it gets. So I am hoping that people will use it and
> make suggestions.
> 
> 
> Link: http://www.snort.gitflorida.com/phpBB2/
> 
> 
> Well, anyone think this is a workable idea.... I am hoping it will
> help us all keep up to date.
> 
> 
> James Ashton
> 
> 
>  
> 
> Jackson Lancaster
> 
>  
> 






