[Snort-sigs] Rule Set Completeness

Erik Fichtner emf at ...3056...
Mon May 8 12:08:03 EDT 2006


Gentoo-Wally wrote:

> 1. Is the VRT set supposed to be a "complete" (for the lack of a better
> word. Maybe adequate would be better?) rule set capable of independent
> deployment. "Complete" meaning including rules for most known
> vulnerabilities/attacks or...

No. Of the fuzzy "sorta" variety of no. It's complete in the sense that
if it doesn't detect something and you're a paying customer of Sourcefire,
you can complain and alter that situation.

> 2. Would a "complete" or "more complete" set include the combination
> of VRT+Community+BleedingEdge Snort. If so...

Yes.

> 3. Would the combination of VRT+Community+BleedingEdge result in a lot
> of duplicate signatures?

Of course it would. Yes.

See also: OSSRC Rules Overlap Committee.



-- 
Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell