[Snort-sigs] [Snort-users] Team0x42 Snort rules
nigel at ...435...
Tue Apr 8 08:15:40 EDT 2008
On 4/7/08 5:01 PM, "TheWell" <TheWell at ...3348...> wrote:
> Some good snort rules by Team0x42
> Shellcode detection, Web attack detection, DoS detection and web-misc rules
> You can download the rule set from:
Thanks for the effort to write and share your rules. Honestly though, they
do need a little work. Your best bet is to join the snort-sigs mailing list
and submit your efforts there. It is the best place to get constructive and
useful feedback on your rules. We are always happy to help people who listen
and make the effort to produce good work.
Take note of the comments in this thread about the encoding of shellcode and
reducing the number of rules by using a modification to your pcre options.
It would also help people to know what version(s) of snort you tested your
Cross-posting this to snort-sigs so that the discussion might continue
More information about the Snort-sigs