[Snort-sigs] Snort rules snapshot archive?

Miso Patel miso.patel at ...2420...
Tue Sep 24 12:51:10 EDT 2013


Joel, I'm thinking it could be SANS.  I have talked with a number of SANS
people a while back and they always tout IDS as a good research topic for
their "gold" certification (or whatever it is called where you have to
write a research paper, similar to graduate school but not accredited or a
real school thesis).  One of my engineers went to a SANS class a few years
ago and came back all fired up about writing a paper on "iDS - Intrusion
Detection for Mac Users" but I don't remember the details.  That got shut
down pretty quick.  We don't allow Macs in our environment and they aren't
really a target anyway like MS Windows is so we couldn't justify giving him
the time to do it since we wouldn't reap any benefits from it.

HTH.

-Miso, CISO


On Tue, Sep 24, 2013 at 12:07 PM, Joel Esler <jesler at ...435...> wrote:

> On Sep 24, 2013, at 12:04 AM, <wkitty42 at ...3507...> <
> wkitty42 at ...3507...> wrote:
>
> >
> > On Monday, September 23, 2013 10:05 PM, yordanos beyene <
> yordanosb at ...2420...> wrote:
> >> I am working on a reasearch paper to study Snort rules growth and its
> impact on performance.
> >> I appreciate if any one could help me download Snort rules snapshot for
> the last 5 to 10 years.
> >> Is there any archive to access such rules?
> >
> > you are not the first to have asked about such in the last month or
> two... the answer then as now is that there is no such archive available...
> old version rules are removed from distribution when the old snort for them
> is EoL'd...
> >
> > it matters not what the purpose of the request is... it is simply
> impossible to fulfill…
>
> Which University gives this assignment out every year?
>
> Joel
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130924/80d1c79e/attachment.html>


More information about the Snort-sigs mailing list