[Snort-sigs] Signature Database
Lancaster, J Jackson Contr SAF/FMPT
jackson.lancaster at ...2417...
Mon Apr 26 07:39:16 EDT 2004
Sorry, this isn't my site. I just found a link to it on the
From: Mark Fagan [mailto:r00t at ...2419...]
Sent: Monday, April 26, 2004 9:36 AM
To: Lancaster, J Jackson Contr SAF/FMPT
Subject: Re: [Snort-sigs] Signature Database
Just registered at your site.
I as well as thousands of othere would like to see all cureent AV
as we can quickly add them to our sensors from a single location.
I would be in a position to help with this, I also think it would be a
good idea to allow people to download the entire ruleset each day at say
GMT, where you are guranteed to get the latest version of that
I would speak with Jeff Dell (www.activeworx.com) who is the author of
Poilicy manager, used by many Snorters, and ask him to add a download
Let me know what you think.
Quoting "Lancaster, J Jackson Contr SAF/FMPT"
<jackson.lancaster at ...2417...>:
> Someone had asked about a repository for Snort signatures. I found
> this on fulldisclosure
> Snort Signature Database.... Sort of
> I, amoung many other people that I know, Are interested in keeping our
> snort instalations as relivant as possible. The most important single
> activity in this is to keep the signature base up to date. I think
> that the snort.org guys have done a realy wonderful job of releasing
> signatures frequently, But I would like to be able to keep more up to
> the minute with new exploits than they or any other group realy can.
> I run regular searches and often see people posting signatures on this
> and other lists but.... I thought it would be handy to have a single
> "repository" of sorts. So with this in mind I set up phpBB (Yeah I
> know) and am opening it up to everyone while I work on a better
> interface to put our signatures into I figured that this was easy and
> I would ask that yourpost titles be relevant to the signature... such
> "Microsoft - SSLv3 sig - new" or
> "Cisco IOS 12.1 buffer overflow attack production"
> This will make it easier down the road, If anyone actualy uses this,
> and the signature base grows... I am planning to keep this up no
> matter how big it gets. So I am hoping that People will use it and
> make suggestions.
> Link: http://www.snort.gitflorida.com/phpBB2/
> Well, Anyone think this is a workable idea.... I am hoping it will
> help us all keep up to date.
> James Ashton
> Jackson Lancaster
More information about the Snort-sigs