[Snort-sigs] Packet Payload database?
Rodrigo Ramos
rodrigo.ramos at ...2329...
Sat May 22 04:54:13 EDT 2004
Hi,
You can find good help at http://www.giac.org/GCIA.php.
The book Intrusion Signatures and Analysis is also a good resource.
Best Regards,
Rodrigo Ramos
http://www.triforsec.com.br
On Fri, 2004-05-21 at 17:50, Scott Zawalski wrote:
> Is there a database available to the public that has captures of what
> some of these rules are looking for? I have looked around and not been
> able to find one.
>
> If older rules have broad definitions that later on produce false
> positives, people cannot improve them without knowing what the rule was
> originally constructed for. With a database like this available it will
> help older rules be even more fine-tuned as newer net traffic
> (homegrown apps) might incorporate traffic bits that produce false
> positives.
>
> I think that something along these lines would fit in perfectly with the
> current snort-rules documentation and would be easy to keep up to date.
> As new rules come up simply attach the payload you produced it from.
>
> Scott