[Snort-sigs] Surprised by snort classtype...

Matt Olney molney at ...435...
Tue Jan 19 13:20:22 EST 2010

Just bugged this.

I agree that this is a phrase that is not on that is appropriate.  It
is a (very) legacy line of code from a classtype we no longer use.  I
will work with the Snort team to get this addressed as quickly as


On Tue, Jan 19, 2010 at 12:57 PM, Guise McAllaster
<guise.mcallaster at ...2420...> wrote:
> Gents,
> Yesterday I was tasked with giving an executive level presentation to the
> CISO and CFO for the security benefits of Snort in an IDS role as a budget
> justification for a SourceFire IPS sensor/appliance and VRT subscription.
> The presentation was going quite well and they asked about content filter
> and policy violations and I showed several examples, including classtype,
> from our live system.  Sadly, several of the entries contained
> "kickass-porn" and the female CISO was very upsetting.  Both the CFO and
> CISO reacted negatively, claims an Enterprise-Ready product would never use
> such unprofessional profane names.  I was surprised too and looked in the
> manual and saw that the description for "kickass-porn" was, "SCORE! - get
> the lotion".  What? >:-0 Really? Now I'm looking at a budget trim for this
> year as well as being forced away from adoption of the SF IPS product since
> a similar asstype is used.
> While most IDS mates can laugh it off this is something to keep in mind with
> regard to the professionalism such word choices say.  In this case, with
> some fault of my own for not scrubbing the bits, it cost me what I would
> rate a top notch IPS product.  Now I'm forced to settle for something
> inferior. :(  Just wanting to warn others to not make my same mistake.
> Guise
> ------------------------------------------------------------------------------
> Throughout its 18-year history, RSA Conference consistently attracts the
> world's best and brightest in the field, creating opportunities for
> Conference
> attendees to learn about information security's most important issues
> through
> interactions with peers, luminaries and emerging and established companies.
> http://p.sf.net/sfu/rsaconf-dev2dev
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs

More information about the Snort-sigs mailing list