[Snort-sigs] FW: Signature Database

Mike Poor mike at ...2444...
Mon May 3 04:54:33 EDT 2004


I think Brian has a valid and interesting point, despite his lack of 
tact in delivery.  Snort.org is the best place for official sigs.  
snort-sigs is the best place for up-to-the-moment sigs to catch the 
latest version of a particular exploit, after all... that is what this 
forum is for.  Snort.org does have a considerable reputation, and 
posting official rules instantly without testing and quality control 
would be detrimental to the community and our networks.  I do know how 
many changes go into the rules we all write, before they are production 
quality (speaking for myself and a few others that I know first hand).

I know that there are certain changes coming to the CVS server for 
Snort that will make snort rule pushes available faster to the 
community (sourceforge is great, but it is slow).

Mike Poor

On Apr 27, 2004, at 2:26 PM, Brian wrote:

> Honestly, there is no way in HELL I would EVER put an interface on
> snort.org to allow random people to upload sigs, validate the syntax
> and push them out to the 300k people that download signatures
> automatically from snort.org.
>
> Thats nucking futs.
>
> If you want quick to market signatures, with little concern for
> quality, subscribe to the mailing list.  Watch the mailing list.  Pick
> and choose signatures that are right for your network.
>
> Having a web forum means yet another location to watch.  One with bad
> distribution mechanisms, poor scalability, and poor archive
> mechanisms.  Web forums are more different mailing lists, which are
> more different news groups.
>
> Brian





More information about the Snort-sigs mailing list