[Snort-sigs] FW: Signature Database
mike at ...2444...
Mon May 3 04:54:33 EDT 2004
I think Brian has a valid and interesting point, despite his lack of
tact in delivery. Snort.org is the best place for official sigs.
snort-sigs is the best place for up-to-the-moment sigs to catch the
latest version of a particular exploit, after all... that is what this
forum is for. Snort.org does have a considerable reputation, and
posting official rules instantly without testing and quality control
would be detrimental to the community and our networks. I do know how
many changes go into the rules we all write, before they are production
quality (speaking for myself and a few others that I know first hand).
I know that there are certain changes coming to the CVS server for
Snort that will make snort rule pushes available faster to the
community (sourceforge is great, but it is slow).
On Apr 27, 2004, at 2:26 PM, Brian wrote:
> Honestly, there is no way in HELL I would EVER put an interface on
> snort.org to allow random people to upload sigs, validate the syntax
> and push them out to the 300k people that download signatures
> automatically from snort.org.
> Thats nucking futs.
> If you want quick to market signatures, with little concern for
> quality, subscribe to the mailing list. Watch the mailing list. Pick
> and choose signatures that are right for your network.
> Having a web forum means yet another location to watch. One with bad
> distribution mechanisms, poor scalability, and poor archive
> mechanisms. Web forums are more different mailing lists, which are
> more different news groups.
More information about the Snort-sigs