[Snort-users] RFC:new classifications

Brian bmc at ...950...
Tue Oct 2 19:56:02 EDT 2001


Please review and comment on our 'new and improved' classifications.  
We realie that our current system of classification SUCKS.  And it 
sucks BADLY.  We are trying to correct the suckage before everyone 
(ok, before I get stuck using it) and its too difficult to change.

Comments are welcome.  Alcohol would be wonderful.  Sex is optional.

And no, we are not getting rid of "kickass-porn".  sorry.

-brian

-- 
Anyone can do any amount of work provided it isn't the work he is
supposed to be doing at the moment.
                -- Robert Benchley
-------------- next part --------------
config classification: rpc-portmapper-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable code was detected,1
config classification: string-detect,A suspicious string was detected,3
config classification: suspicious-filename-detect,A suspicious filename was detected,2
config classification: system-call-detect,A system call was detected,2
config classification: tcp-connection,A TCP connection was detected,4
config classification: trojan-activity,A Network Trojan was detected, 1
config classification: unusual-client-port-connection,A client was using an unusual port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a non-standard protocol or event ,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,potentually vulnerable web application access,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: kickass-porn,Why search for porn?  Let management do it for you,1



More information about the Snort-users mailing list