[Snort-sigs] OSSRC Rules Overlap Committee

Erik Fichtner emf at ...3056...
Wed Feb 1 06:53:10 EST 2006


Blake Hartstein wrote:
> Of course the default options could still be allowed, but this would
> certainly solve the problems of allowing multiple people to
> independently manage their own sids.

The "Problem With The Rulesets" is not that the sid's clash, but that the
intent of the rules themselves clash!   That's what needs to be fully
addressed, how to deal with precedence issues, and how to deal with rules
of similar but unequal intent, or similar but unequal performance.

The majority of the issue is the overlap in detection coverage between
the groups, though, and there needs to be a way to express which ones
you, the user, prefer so that you don't end up with twenty copies of
the same signature.



-- 
Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20060201/c4de77e1/attachment.sig>


More information about the Snort-sigs mailing list