[Snort-sigs] Rule Set Completness

Gentoo-Wally gentoowally at ...2420...
Mon May 8 12:01:04 EDT 2006


Hi,

I have trolled around on the forums at both snort.org and at
bleedingsnort.org and taken a look at ossrc.snort.org, but I'm still a
little fuzzy on the relationship (or lack there of) of the different
rule sets. Couple of questions...

1. Is the VRT set suppose to be a "complete" (for the lack of a better
word. Maybe adequate would be better?) rule set capable of independent
deployment. "Complete" meaning including rules for most known
vulnerabilities/attacks or...

2. Would a "complete" or "more complete" set include the combination
of VRT+Community+BleedingEdge Snort. If so...

3. Would the combination of VRT+Community+BleedingEdge result in a lot
of duplicate signatures?

thx,
Wally




More information about the Snort-sigs mailing list