[Snort-users] [Emerging-Sigs] Reliability of signatures

Seth Hall seth at ...14966...
Fri Feb 11 09:55:14 EST 2011


On Feb 10, 2011, at 9:55 AM, Matt Olney wrote:

> Also, SPAM isn't an IDS issue, at least from my point of view.  I worry about malicious, not asinine.

Ouch, seriously?  In my opinion, if it goes over the network it's an IDS issue.  Sometimes it's incredible how many little, seemingly inconsequential bits of information will add up over time to mean something much different and much more important.  Maybe the remote IP address sending spam doesn't mean much for an incident response team by itself, but if that IP address logs into some local box over SSH that would be worth looking into.
 
  .Seth



More information about the Snort-users mailing list