[Snort-sigs] Protocol Anomaly Rules

orangganjil orangganjil at ...2258...
Tue Feb 24 06:54:09 EST 2004

I am thinking of writing some protocol anomaly rules for Snort (not behavioral anomaly, but rules that look for non-compliance with RFC's or other published standards). Does anyone know of any documentation that has already been written on this, or know of any rules that may have already been written? I don't want to reinvent the wheel if it's not necessary.

Once I have completed the rules I will post them for others to use. If you have any feedback, comments, or suggestions, they would be appreciated.


No banners. No pop-ups. No kidding.
Introducing My Way - http://www.myway.com

More information about the Snort-sigs mailing list