[Snort-users] uncle snort needs you

Brian bmc at ...950...
Sat Jan 19 16:06:05 EST 2002

You have received this mail because ... we need your help.

Here's the deal.  There is not a good reference point for alerts snort
keeps popping up in front of people's face.  We, the core snort team, are
working hard to build the best IDS possible, and this is the next step.

So, if you can help us out, we would be forever greatful.  I've built a
signature information database, and we need your help to fill in the blanks.

We need you to help research our signatures.  We are looking to provide our
users with the following information:

   Summary                      Impact
   Detailed Information         Attack Scenarios
   Ease of Attack               Recommended Action
   False Positives              False Negatives

Basicly, what the signature triggers on, why its important, how someone
might use this issue to their advantage (aka, to dos a system, exploit
it), what someone might do to mitigate this problem, how this may false,
and any additional references to what references we already have.

Here is the deal, attached is our template for the data that we are looking
for.  Research the information required by the template and email it to
snort-sigs at ...314...  One of the snort core developers will
add it into the database.

There are a few requirements for the information that we include in our
database.  The information must be ORIGINAL CONTENT.  Do not cut and paste 
someone elses work.  Paraphrasing is good, referencing is ok.  Just don't 
violate someone's copyright and all will be ok.  If you are unsure of some 
part of the rule, include that as a commentary and someone else perhaps will 
be able to fix it.

Also, We are also looking for pcap for each of the signatures.  If you have
raw tcpdump capture of these signatures, please send them to <bmc at ...950...>
to be included in the database.

Visit http://www.snort.org/snort-db/unfinished.html for a list of the
signatures that do not have a completed entry.

Please check http://www.snort.org/snort-db/ for more information.

This is a time consuming effort, but it will be worth it.


Brian Caswell
Snort Signature Nazi
-------------- next part --------------
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work. 
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
# $Id$







Detailed Information:

Attack Scenarios:

Ease of Attack:

False Positives:

False Negatives:

Corrective Action:


More information about the Snort-users mailing list