[Snort-users] [Emerging-Sigs] Reliability of signatures

Matt Olney molney at ...1935...
Thu Feb 10 09:55:54 EST 2011


No, scanning LAMP network for II6 holes are not FPs, it just means that
tuning of rules is in order.  Also, SPAM isn't an IDS issue, at least from
my point of view.  I worry about malicious, not asinine.

Matt (Seriously, back to razorback now)

On Thu, Feb 10, 2011 at 9:43 AM, Michael Scheidell <
michael.scheidell at ...8144...> wrote:

>  if someone is scanning my LAMP network for IIS6 holes, are those FP's?
> btw, when on the icsa labs anti-spam initial steering group, all the
> vendors argues about was a SPAM and HAM was.
> that was the largest, longest and noisiest and most contentious issue.
>
> what is a spam?
> a) from email admin perspective:
> b) from user perspective.
>
> from a user, its 'something I didn't want, even if I signed up for it'
>
> ham? something I wanted, even if I didn't sign up for it.
>
> needed to come to an agreement, since part of the icsa labs certification
> was > 95% spam capture, and less then 1 in 100,000 FP's.
>
> so, if brother in law on aol gets a joke fwd to him, that has been around
> 100 times, and sends it to user, and the (business tuned) anti-spam engine
> blocks it, is that a FP?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110210/6903488e/attachment.html>


More information about the Snort-users mailing list