[Snort-users] Reliability of signatures

Crusty Saint saintcrusty at ...11827...
Fri Feb 4 11:12:13 EST 2011


For now a flag for false-pos and one for false-neg would be nice to have.
Never mind digging into snort.org/search every time.

2011/2/4 Martin Roesch <roesch at ...1935...>

> On Fri, Feb 4, 2011 at 10:16 AM, Jim Hranicky <jfh at ...5250...> wrote:
> > On Fri, 4 Feb 2011 09:13:12 -0600
> > Martin Holste <mcholste at ...11827...> wrote:
> >
> >> > Seems like there'd almost need to be a central place that various
> >> > entities could report their findings. I know we've got rules that we
> >> > rely on heavily and work very well for us, but other than mailing
> lists
> >> > there's no place to report our findings.
> >> >
> >>
> >> Hm, you mean like a vote up/down system like StackOverflow.com?  That
> >> could be really interesting.  It would be very valuable to see what
> >> others are finding to be helpful.
> >
> > Sure, something like that - that would actually be very cool.
>
> I like that idea too.  It'd make a lot of sense to integrate it into
> snort.org - in fact there's probably a lot of data about Snort
> detection performance, config options and rule quality we could put up
> there.  Communication favors the defender...
>
> Marty
>
> --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source IDP - http://www.snort.org
>
>
> ------------------------------------------------------------------------------
> The modern datacenter depends on network connectivity to access resources
> and provide services. The best practices for maximizing a physical server's
> connectivity to a physical network are well understood - see how these
> rules translate into the virtual world?
> http://p.sf.net/sfu/oracle-sfdevnlfb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
- - -
Security Engineer - Tags: Analyst Systems Security Linux Firewall Network
Web Troubleshooting - If you think I deserve a rant, write me off-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110204/b8391981/attachment.html>


More information about the Snort-users mailing list