[Snort-sigs] Exciting things at Bleeding Snort!
matt at ...2436...
Wed Apr 13 20:22:00 EDT 2005
A quick update on some great things afoot at Bleeding Snort. It's a long
note but worth the read.
First, Demarc has generously committed to give us their recently
undertaken snort translations to bring to the open source world. They
have paid a professional translation firm to translate and map the
messages for snort.org sigs into many languages.
We will be working out a mechanism to make this available to the rest of
the community, likely talking to the BASE and Anvil folks about
integrating into their projects. Demarc has also offered to take the
Bleeding rulesets an run them through the same translation firm. We're
excited about the possibilities for our non-english native members of
the community (which are becoming the majority these days :) )
To work toward this project we're starting to standardize the signature
msg: fields to be consistent before they go to translation. We've
started that already, so for the next couple days you'll see some huge
update notices. Don't fret, we're only changing names. Not signature
We will also be soliciting folks that are native or fluent in other than
english to help in the future maintenance of this project. Please email
bleeding at ...2727... if you're qualified and interested. It'll be
a light load, just doing/verifying translations for future sigs.
Second big thing coming up is related to our recently added sponsor
Sensory Networks. Sensory has offered to open source the network testing
suite they use to benchmark their snort hardware products. This
represents a great deal of development investment they're making
available to us. We will be making this into an open project hosted at
And in a very fortunate coincidence the PHD's lead by Dr. Constantine
Manikopoulos at the NSF funded CONEX Labs of NJIT (njit.edu) have
offered the use of their multi-million dollar network test bed to be
used to test snort signatures and rulesets. The possibilities here are
immense, but a primary goal will be to allow us near realtime and
precise feedback on how certain signatures affect snort load, and to
immediately improve accuracy of signatures. There's a lot of work to be
done there, but great possibilities. We are eternally grateful both to
Sensory Networks and NJIT. You can read more about this project on it's
draft project outline page:
Volunteers with relevant experience wanted.
And finally, a few administrative notes. Joel Ebrahimi has been brought
on board as an admin. He has a great deal of signature experience, we
welcome his help and expertise.
Demarc has donated to us the registration of the .net and .com of our
domain. We hadn't thought to register them. Brendan generously did so
today and put them under our control. So look for those to go live shortly.
And last but not least, we've got an initial flexresponse ruleset
available. You can view it here:
We'll be getting an inline set up soon, and your feedback is welcome.
As always, thanks for your support. We're enjoying great success here at
bleeding, please keep your contributions coming. If you have spare time
and can help out we'd welcome an email. There are all sorts of admin
tasks that we can use help on every day.
On behalf of the entire bleeding admin team, thank you.
Matthew Jonkman, CISSP
Senior Security Engineer
765-429-0398 Direct Anytime
866-679-5177 24x7 NOC
NOTICE: The information contained in this email is confidential
and intended solely for the intended recipient. Any use,
distribution, transmittal or retransmittal of information
contained in this email by persons who are not intended
recipients may be a violation of law and is strictly prohibited.
If you are not the intended recipient, please contact the sender
and delete all copies.
More information about the Snort-sigs