[Snort-sigs] Packet Payload database?

Rodrigo Ramos rodrigo.ramos at ...2329...
Sat May 22 04:54:13 EDT 2004


Hi,

You can find good help at http://www.giac.org/GCIA.php.
The book Intrusion Signatures and Analysis is also a good resource.

Best Regards,
Rodrigo Ramos
http://www.triforsec.com.br


On Fri, 2004-05-21 at 17:50, Scott Zawalski wrote:
> Is there a database available to the public that has captures of what 
> some of these rules are looking for? I have looked around and not been 
> able to find one.
> 
> If older rules have broad definitions that later on produce false 
> positives, people cannot improve them without knowing what the rule was 
> originally constructed for. With a database like this available it will 
> help older rules be even more finely tuned as newer net traffic 
> (homegrown apps) might incorporate traffic bits that produce false 
> positives.
> 
> I think that something along these lines would fit in perfectly with the 
> current snort-rules documentation and would be easy to keep up to date. 
> As new rules come up simply attach the payload you produced it from.
> 
> Scott