[Snort-sigs] RE: Signature Database

Brian King bking at ...2422...
Tue Apr 27 07:32:17 EDT 2004


I agree that QA is important.  Sometimes bad information is worse than none
at all.  arachNIDS had a way to send in new signatures with packet dumps,
but it doesn't appear to have been updated in quite a while.  Another aspect
of this is the signature documentation to help admins understand the
significance of snort warnings.  I noticed that the online Snort signature
database doesn't have information on several current exploits (IIS PCT
vulnerability for one).  It would be nice if we developed some way of
updating signatures that would go into that database and a community review
process to validate them before they become official.  I am definitely
interested in working on the documentation aspect of the signature database
(I use it whenever I see an alert that I don't recognize).

-Brian






More information about the Snort-sigs mailing list