[Snort-sigs] Bases for writing snort rules

Guy Martial Nkenne Tchassi nkennetguy at ...2420...
Thu May 16 08:34:15 EDT 2013


Hi everyone,

I am wondering what the bases are on which the rules we download from
Snort's website are written. Specifically, I want to know if there is a
sort of list describing the content of suspicious packets in the network or
a sort of database of detected intrusions which is updated regularly.
To be clearer, I will take the example of antiviruses. Most of them (if not
all) have a viral database on which they rely in order to determine threats
on the systems on which they are installed. Then for each threat, there is a
sort of predefined set of actions that can be undertaken to eliminate the
threats.
I don't know if I've been understood. Please help me with these worries I
have.

Thanks.