[Snort-sigs] Signature contributions

VanBrecht, Jason Jason.VanBrecht at ...2498...
Tue May 18 11:55:06 EDT 2004


I'll take an expensive car if they are giving em out :)

Jason van Brecht
Security Analyst


-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of
nnposter at ...592...
Sent: Tuesday, May 18, 2004 12:41 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] Signature contributions



I would like to solicit feedback, particularly from Sourcefire, in how
non-Sourcefire folks like me should contribute signature updates, if at
all.


Background: Over the course of last four weeks I have submitted update 
proposals for 16 rules with poor results:

Subject: Poor detection rate by 1:716:6 (TELNET access)
Date: Tue, 27 Apr 2004
==> rule updated

Subject: Avoidance of 1:1970:1 (WEB-IIS MDAC Content-Type overflow
attempt)
Date: Tue, 27 Apr 2004
==> rule updated

Subject: Re: Avoidance of 1:1970:1 (WEB-IIS MDAC Content-Type overflow
attempt)
Date: Thu, 29 Apr 2004
==> no update or feedback

Subject: False positives on 1:1054:6 (WEB-MISC weblogic/tomcat .jsp view
source attempt)
Date: Thu,  6 May 2004
==> no update or feedback

Subject: False negatives on 1:491:6 (INFO FTP Bad login)
Date: Thu, 10 May 2004
==> no update or feedback


Overall, 2 out of 16 accepted and the rest silently ignored. I am not
expecting the contributions to be automatically accepted and expensive
cars given as rewards but I would appreciate if I was at least told why
they were rejected. This way I would have a chance to produce better
update proposals in the future or stop sending them if they are of no
interest to the community.

Cheers


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now
for SourceForge Broadband and get the fastest 6.0/768 connection for
only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




More information about the Snort-sigs mailing list