[Snort-users] Lion and multiple lists.

Michael Boman michael at ...1290...
Mon Mar 26 21:02:03 EST 2001


Martin Roesch wrote:
> 
> "Scott A. McIntyre" wrote:
> >
> > Hi,
> >
> > Having caught the Lion worm last weekend, and developed a few signatures
> > for it based on actually snarfing the kit itself, it occurs to me that
> > we might be at a time in the History of Snort to have more than one
> > -users list.
> >
> > A few threads of late highlight the potential usefulness of at least one
> > or two lists to help concentrate our respective areas of interest.
> >
> > For example:
> >
> > o win32
> 
> Are we seeing enough win32 traffic to justify this one?
> 
> > o signatures
> 
> The signature list already exists, it's called "snort-sigs".  Go to the
> project page at snort.sourceforge.net and hit the link for the project
> page, then go to "lists".  You'll see a link to sign up for the sigs
> list (which is almost completely dead currently).
> 
> > o incidents
> 
> Hmm, this one is a little out of scope for the project, but I suppose we
> could do something like this if people really want it.

SecurityFocus.com already has an INCIDENTS list. No need to duplicate the
effort, right?

Just my $0.02

Best regards
 Michael Boman
 
> Maybe we could combine incidents and sigs together into something like
> "snort-engineering" or something...
> 
>     -Marty
> 
> > The first is rather self explanatory.
> >
> > The second could be for folks looking to develop and share signatures
> > they may believe are of use to the rest of the snort-community.
> >
> > The final is just something that I'd like to see because the Security
> > Focus Incidents list seems to be so US Time Zone dependent that things
> > that affect Europe, Asia, oh, the rest of the planet basically, tend to
> > go unapproved/moderated for an entire working day, a day in which every
> > moment counts.
> >
> > Since snort is so popular for tracking incidents and the development of
> > signatures for new ones, there would probably be too much cross posting
> > between those latter two lists, but even so I sense there may be some
> > usefulness in at least a specific list dedicated towards signature
> > development and refinement.
> >
> > Thoughts?
> >
> > Scott


-- 
"eLINUX  ---  Enabling the Net Economy on Linux"
----------------------------------------------------------
Michael Boman                   eLinux Pte Ltd
LPIC-1                          http://www.elinux.com.sg
Technical Consultant            Tel:    (65)  227 6180
michael at ...1290...           Fax:    (65)  227 5808
----------------------------------------------------------



