[Snort-users] [Emerging-Sigs] Reliability of signatures

Matt Olney molney at ...1935...
Fri Feb 11 11:54:22 EST 2011


Here is the whitepaper for the Razorback project:

http://www.scribd.com/doc/35792512/Project-Razorback-Whitepaper

<http://www.scribd.com/doc/35792512/Project-Razorback-Whitepaper>The latest
snort has the razorback module included so it can feed intel data to the
Razorback system.  System is still exceptionally alpha, so YMMV.

On Fri, Feb 11, 2011 at 11:45 AM, Seth Hall <seth at ...14966...> wrote:

>
> On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:
>
> > There is not a better solution for detecting the delivery of exploits,
> that is the job of an IDS.  SPAM can lead you to an attack, or to a longer
> *****, but it isn't, in itself an attack.
>
> I never claimed that it was an attack, I only responded to your statement
> that "spam isn't an IDS issue".
>
> > I agree there is a ton of metadata on the network that is incredibly
> useful both for correlation and forensics (see intel nuggets on Razorback).
>
> What I've noticed though is that frequently tools don't make the right
> information available at the right time and the right place.  Where can I
> read more about what intel nuggets are?
>
>  .Seth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110211/fb3e1778/attachment.html>


More information about the Snort-users mailing list