[Snort-sigs] Rule Set Completeness
emf at ...3056...
Mon May 8 12:08:03 EDT 2006
> 1. Is the VRT set supposed to be a "complete" (for the lack of a better
> word. Maybe adequate would be better?) rule set capable of independent
> deployment. "Complete" meaning including rules for most known
> vulnerabilities/attacks or...
No. Of the fuzzy "sorta" variety of no. It's complete in the sense that
if it doesn't detect something and you're a paying customer of Sourcefire,
you can complain and alter that situation.
> 2. Would a "complete" or "more complete" set include the combination
> of VRT+Community+BleedingEdge Snort. If so...
> 3. Would the combination of VRT+Community+BleedingEdge result in a lot
> of duplicate signatures?
Of course it would. Yes.
See also: OSSRC Rules Overlap Committee.
Erik Fichtner; Unix Ronin
"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell