[Snort-sigs] flowbits: netsenum

Joel Esler jesler at ...435...
Thu May 30 17:52:54 EDT 2013


On May 30, 2013, at 4:05 PM, waldo kitty <wkitty42 at ...3507...> wrote:

> the fact that our environment is its own 
> distribution and not one of the big name brand ones adds complication to the 
> process since they are distributed only in compiled form...

Let me also correct this statement.  We ship the large majority of SO rules in open form (meaning you can compile them yourself).  There are very few rules out that are part of our NDA agreement to obfuscate the detection being done through an SO.  We've only shipped one obfuscated rule (I think) in the past two years, and that's because it's a zero day that we've reported to the vendor.

The vast majority of SO rules you can download the source for (it's included in the tarball) and compile on your own machine.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire