[Snort-users] Lion and multiple lists.

Martin Roesch roesch at ...421...
Mon Mar 26 20:08:10 EST 2001

"Scott A. McIntyre" wrote:
> Hi,
> Having caught the Lion worm last weekend, and developed a few signatures
> for it based on actually snarfing the kit itself, it occurs to me that
> we might be at a time in the History of Snort to have more than one
> -users list.
> A few threads of late highlight the potential usefulness of at least one
> or two lists to help concentrate our respective areas of interest.
> For example:
> o win32

Are we seeing enough win32 traffic to justify this one?

> o signatures

The signature list already exists., it's called "snort-sigs".  Go to the
project page at snort.sourceforge.net and hit the link for the project
page, then go to "lists".  You'll see a link to sign up for the sigs
list (which is almost completely dead currently).

> o incidents

Hmm, this one is a little out of scope for the project, but I suppose we
could do something like this if people really want it.  

Maybe we could combine incidents and sigs together into something like
"snort-engineering" or something...


> The first is rather self explanatory.
> The second could be for folks looking to develop and share signatures
> they may belive are of use to the rest of the snort-community.
> The final is just something that I'd like to see because the Security
> Focus Incidents list seems to be so US Time Zone dependent that things
> that effect Europe, Asia, oh, the rest of the planet basically, tend to
> go unapproved/moderated for an entire working day, a day in which every
> moment counts.
> Since snort is so popular for tracking incidents and the development of
> signatures for new ones, there would probably be too much cross posting
> between those latter two lists, but even so I sense there may be some
> usefulness in at least a specific list dedicated towards signature
> development and refinement.
> Thoughts?
> Scott
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Martin Roesch
roesch at ...421...

More information about the Snort-users mailing list