[Snort-users] Lion and multiple lists.

Scott A. McIntyre scott at ...1050...
Fri Mar 23 14:30:27 EST 2001


Hi,

Having caught the Lion worm last weekend, and developed a few signatures
for it based on actually snarfing the kit itself, it occurs to me that
we might be at a time in the History of Snort to have more than one
-users list.

A few threads of late highlight the potential usefulness of at least one
or two lists to help concentrate our respective areas of interest.

For example:

o win32
o signatures
o incidents

The first is rather self explanatory.

The second could be for folks looking to develop and share signatures
they may belive are of use to the rest of the snort-community.

The final is just something that I'd like to see because the Security
Focus Incidents list seems to be so US Time Zone dependent that things
that effect Europe, Asia, oh, the rest of the planet basically, tend to
go unapproved/moderated for an entire working day, a day in which every
moment counts.

Since snort is so popular for tracking incidents and the development of
signatures for new ones, there would probably be too much cross posting
between those latter two lists, but even so I sense there may be some
usefulness in at least a specific list dedicated towards signature
development and refinement.

Thoughts?

Scott





More information about the Snort-users mailing list