[Snort-users] Demarc Certified Open Signatures

Demarc Security snort_ml at ...2629...
Wed Mar 2 15:04:55 EST 2005

We haven't tested them with Oinkmaster yet, however you should have no
problem.  If for some reason they aren't compatible with oinkmaster, please
shoot me an email with the details and we'll make any necessary corrections to
make them compatible.  Additionally, we'll be adding the ability to search the
rulesets and find out exactly what has changed from day to day (script
friendly interfaces too!).

To Bamm's point on copyrights, The details about who wrote/contributed to each
individual rule is available through our Snort rule description database
interface at the community portal:


As for the downloads, we originally had separate contributer lines for each
individual rule to give everyone credit who worked on the rules such as all
the people who have contributed rules on the snort-sigs mailing list and all
the rules that originally came from whitehats, however this made the file
bulky and hard to visually parse.  We will however have the script that
interfaces with the rules database and creates these downloads reinsert the
general catchall line crediting marty, brian, "et al" to make sure that there
is no misinterpretation of our intentions.

Thanks for pointing that out!

Ashlyn Reznik
Demarc Threat Research Team
Email: areznik at ...4451...

--------   Original Message   --------
Date: Wed, March 2, 2005 10:18 am
From: "Ron Jenkins" <rjenkins at ...12829...>
To:   "Demarc Security" <snort_ml at ...2629...>
Subject: RE: [Snort-users] Demarc Certified Open Signatures

> Will oinkmaster work with the rules downloads?
> Thanks...
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Demarc
> Security
> Sent: Wednesday, March 02, 2005 12:09 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Demarc Certified Open Signatures
> Since our inception in 2001, Demarc has been committed to promoting secure
> Internet use by providing free versions of our products for users at home.
> We believe that because we use Open Source technology such as Linux and
> Snort,
> that we should give back to the security community as a whole.  We have
> continued to fulfill this commitment, most recently with the release of our
> Sentarus HomeAdmin Edition, which allows people to deploy some of our latest
> security technology in their home lab environments at no cost.
> In addition to our Sentarus and PureSecure products, our customers have also
> benefited from the expertise of our Threat Research Team which has, to date,
> been tasked with verifying rule stream updates and educating customers on
> the
> detailed workings of Snort technology. In light of some upcoming
> changes,
> we're now expanding our research team and formally announcing our new
> "Certified Open Signatures" program.  Our Certified Open Signatures program,
> which will be universally available to the entire community, is founded on
> these two principles:
>     1)  Like the Snort program itself, the latest rule signatures should
>         always be available for free because strong computer and network
> security are in everyone's best interests.
>     2)  The best way for a company to serve a community project is to
>         remain true to the original goals of that project and refrain from
> charging for vital components that have always been
>         community-driven and free.
> We make this announcement now, as we have recently received notice from
> Sourcefire that, as of next week, early access to all future Snort
> signatures
> they create will be based on a subscription model.
> The Sourcefire license changes as they were presented to us are:
>     - All rule updates will be a minimum of five days older than those
>       Sourcefire sells to their customers, and you will be required to
> register to receive them or to wait for the next major Snort release.
>    -  To receive the latest rules any sooner, you will have to pay
>       Sourcefire a rule subscription fee.
> We sincerely respect the efforts of the Sourcefire Snort development group
> along with the numerous others who created the base technology and rulesets
> that have made Snort a household name in the security community.
> However, one
> of the greatest benefits of using Snort is the community review process
> which
> will now be subject to an imposed arbitrary delay.
> At Demarc, our commitment to the security community is simple:
>    -  Demarc will maintain http://snort.demarc.com/ as a community
> portal
>       for Snort signatures and Snort-based technology.  (This site is meant
> to augment and not replace snort.org or the snort-sigs mailing list.)
>    -  Demarc will produce and revise rules, as well as collaborate with
>       active groups to bring together the best rules from all community
> sources.  User sites such as Bleeding Snort have been at the forefront
> of new signature development and we view these groups' contributions
> as invaluable.  Our goal is to work with these groups and to serve as
> the trusted source for certified,
>       production level rulesets.
>    -  Demarc's Threat Research Team will continue to provide the latest
>       cutting-edge and Demarc Certified rules, making them immediately
> available for public download and contribution.
>    -  Demarc will not charge for the download, use, or modification of
>       rules hosted on this site.
> Our community portal at http://snort.demarc.com/ will continually evolve
> over
> the next several weeks to offer more features, including direct user
> interaction. Our community portal will also become the new home for the
> statistical packet anomaly detection project and SnortSnarf, two
> projects
> originally managed by SiliconDefense and subsequently transferred to Demarc.
> We welcome your support on these projects through signature review and
> submissions, and, as with all community projects, your feedback is always
> welcome to help make it better.
> Sincerely,
> Ashlyn Reznik
> Demarc Threat Research Team
> Email: areznik at ...4451...
> http://www.demarc.com/products/
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------- End Original Message --------

More information about the Snort-users mailing list