[Snort-sigs] Snort rules snapshot archive?

Jeffrey Stebelton jstebelton at ...3769...
Wed Sep 25 07:25:33 EDT 2013

I highly doubt it's SANS. Having taken a number of SANS classes I can say the instructors are very knowledgeable and would know better than to direct someone writing a gold paper to a resource that doesn't exist. That, and the fact that the co-author  of the SEC503 course, Intrusion Detection In Depth, used to work for Sourcefire makes it very unlikely.

Senior Information Security Analyst
NetJets Inc.
4111 Bridgeway Avenue
Columbus, OH 43219
T: (614) 849-7281
C: (614) 364-3078
E: jstebelton at ...3769...<mailto:jstebelton at ...3769...>
NetJets(r) Inc. is a Berkshire Hathaway company.

From: Miso Patel [mailto:miso.patel at ...2420...]
Sent: Tuesday, September 24, 2013 12:51 PM
To: Joel Esler
Cc: Snort-sigs; waldo kitty
Subject: Re: [Snort-sigs] Snort rules snapshot archive?

Joel, I'm thinking it could be SANS.  I have talked with a number of SANS people a while back and they always tout IDS as a good research topic for their "gold" certification (or whatever it is called where you have to write a research paper, similar to graduate school but not accredited or a real school thesis).  One of my engineers went to a SANS class a few years ago and came back all fired up about writing a paper on "iDS - Intrusion Detection for Mac Users" but I don't remember the details.  That got shut down pretty quick.  We don't allow Macs in our environment and they aren't really a target anyway like MS Windows is so we couldn't justify giving him the time to do it since we wouldn't reap any benefits from it.

-Miso, CISO

On Tue, Sep 24, 2013 at 12:07 PM, Joel Esler <jesler at ...435...<mailto:jesler at ...435...>> wrote:
On Sep 24, 2013, at 12:04 AM, <wkitty42 at ...3507...<mailto:wkitty42 at ...3819.....>> <wkitty42 at ...3507...<mailto:wkitty42 at ...3507...>> wrote:

> On Monday, September 23, 2013 10:05 PM, yordanos beyene <yordanosb at ...3444...0...<mailto:yordanosb at ...2420...>> wrote:
>> I am working on a reasearch paper to study Snort rules growth and its impact on performance.
>> I appreciate if any one could help me download Snort rules snapshot for the last 5 to 10 years.
>> Is there any archive to access such rules?
> you are not the first to have asked about such in the last month or two... the answer then as now is that there is no such archive available... old version rules are removed from distribution when the old snort for them is EoL'd...
> it matters not what the purpose of the request is... it is simply impossible to fulfill...

Which University gives this assignment out every year?

October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net<mailto:Snort-sigs at lists.sourceforge.net>

Please visit http://blog.snort.org for the latest news about Snort!

*** *** ***
This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error,  please advise the sender by reply e-mail and delete the message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130925/bb501588/attachment.html>

More information about the Snort-sigs mailing list