[Snort-sigs] Exciting things at Bleeding Snort!

Matt Jonkman matt at ...2436...
Wed Apr 13 20:22:00 EDT 2005


A quick update on some great things afoot at Bleeding Snort. It's a long 
note but worth the read.

First, Demarc has generously committed to give us their recently 
undertaken snort translations to bring to the open source world. They 
have paid a professional translation firm to translate and map the 
messages for snort.org sigs into many languages.

We will be working out a mechanism to make this available to the rest of 
the community, likely talking to the BASE and Anvil folks about 
integrating into their projects. Demarc has also offered to take the 
Bleeding rulesets and run them through the same translation firm. We're 
excited about the possibilities for our non-English native members of 
the community (which are becoming the majority these days :) )

To work toward this project we're starting to standardize the signature 
msg: fields to be consistent before they go to translation. We've 
started that already, so for the next couple days you'll see some huge 
update notices. Don't fret, we're only changing names. Not signature 
content.

We will also be soliciting folks that are native or fluent in languages 
other than English to help in the future maintenance of this project. Please email 
bleeding at ...2727... if you're qualified and interested. It'll be 
a light load, just doing/verifying translations for future sigs.

Second big thing coming up is related to our recently added sponsor 
Sensory Networks. Sensory has offered to open source the network testing 
suite they use to benchmark their snort hardware products. This 
represents a great deal of development investment they're making 
available to us. We will be making this into an open project hosted at 
bleeding.

And in a very fortunate coincidence the PhDs led by Dr. Constantine 
Manikopoulos at the NSF-funded CONEX Labs of NJIT (njit.edu) have 
offered the use of their multi-million dollar network test bed to be 
used to test snort signatures and rulesets. The possibilities here are 
immense, but a primary goal will be to allow us near realtime and 
precise feedback on how certain signatures affect snort load, and to 
immediately improve accuracy of signatures. There's a lot of work to be 
done there, but great possibilities. We are eternally grateful both to 
Sensory Networks and NJIT. You can read more about this project on its 
draft project outline page:
http://www.bleedingsnort.com/staticpages/index.php?page=bleeding-testsuite

Volunteers with relevant experience wanted.

And finally, a few administrative notes. Joel Ebrahimi has been brought 
on board as an admin. He has a great deal of signature experience; we 
welcome his help and expertise.

Demarc has donated to us the registration of the .net and .com of our 
domain. We hadn't thought to register them. Brendan generously did so 
today and put them under our control. So look for those to go live shortly.

And last but not least, we've got an initial flexresponse ruleset 
available. You can view it here:
http://www.bleedingsnort.com/flex-response/

We'll be getting an inline set up soon, and your feedback is welcome.

As always, thanks for your support. We're enjoying great success here at 
bleeding, please keep your contributions coming.  If you have spare time 
and can help out we'd welcome an email. There are all sorts of admin 
tasks that we can use help on every day.

On behalf of the entire bleeding admin team, thank you.

Matt

--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
my.infotex.com
www.offsitefilter.com
www.bleedingsnort.com
--------------------------------------------

