Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Vulnerability & Exploit Signatures

from [MadHat] Network Security [Permanent Link]
Subject: Re: Vulnerability & Exploit Signatures
Date: Thu, 16 Jun 2005 12:46:40 -0500
On Jun 16, 2005, at 7:25 AM, Kelly Dowd wrote: 
I doubt there is any licensing of base signatures between vendors
(signature engines vary greatly between products, you can't just 'use'
another products sigs).   You will find that some developers look at
existing signature sets to get 'ideas', but it's far from a
one-for-one copy.  Companies must develop their own sigs just like
they develop their own appliances... it's a total package.

I think he might have meant signature data. Like does every vendor research every attack and vulnerability to create every signature or is there a company that sells the data to allow you to create your own signatures based on someone else's research.


-Kelly D.

On 6/14/05, Jackson Yu <jackson.yu@earthlink.net> wrote:

Hi, I'm new to this list, so please bear with my question:

ASIC/FPGA/Software/detection techniques aside, I sense that a huge value of IPS
vendors are the lab-type organizations that are constantly developing new filters
in response to new vulnerabilities and exploits. However, there's no way that such
vendors can "hit the market" if you will with 2000+ filters out on day
one.

Do all these vendors license the same set of "base" filters from, say,
Sourcefire / Snort derived rule source in the back? Is there a commonality there? At the end of the day, can I say that "Gee, most vendors' base set of 1500 IPS signatures are the same, its just the 300 or so that the vendors have additionally developed on top of that 1500 that are different!"


Thanks

Jackson



--------------------------------------------------------------------- -----
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708
to learn more.
--------------------------------------------------------------------- -----




---------------------------------------------------------------------- ----
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708
to learn more.
---------------------------------------------------------------------- ----




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Vulnerability & Exploit Signatures, Matt Jonkman
Next by Date:  Wireless Intrusion Detection, Stefano Zanero
Previous by Thread:  Re: Vulnerability & Exploit Signatures, Matt Jonkman
Next by Thread:  Re: Vulnerability & Exploit Signatures, M. Dodge Mumford
Indexes:  [Date] [Thread] [Top] [All Lists]