[Snort-sigs] RE: Signature Database

Frank Knobbe frank at ...1978...
Wed Apr 28 09:17:11 EDT 2004


On Wed, 2004-04-28 at 09:46, James Ashton wrote:
> I am not going to release a file to be automaticaly added like people
> add your rule files.

Good, that takes care of that "threat" :)

>  but I do think that there is a need for someone to offer a group of
> rules that has less moderation and, while definatly not the rule
> quality you provide, gets there fast enough to take SOME of the load
> off the overworked techs that are dealing with outbreaks of new stuff.

But isn't this exactly what this list is about? When Symantec or ISS or
Lurhq or SANS ISC or dshield users release a signature, it most always
finds its way into this list by being forwarded by someone who saw the
sig. Members of this list can then incorporate that sig into their
custom rules file or not, their choice. But I don't see why we need yet
another place providing those sigs.

Instead, if you like to contribute, just keep your eyes open for sigs
and then forward them to this list. Anyone can keep a running list or
archive in their own mail program. Seems more visible than having to go
check a web site every day.

Regards,
Frank

-- 
Warning at the Gates of Bill:  
Abandon hope, all ye who press <ENTER> here...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040428/2e747787/attachment.sig>


More information about the Snort-sigs mailing list