Yes...SOURCEFIRE customers get those signatures early. They get handed
out to the Snort world well after the fact. SourceFire is a commercial
company and you must PAY to get their product.
In other words - Sourcefire is no different than TP, ISS or any other
commercial vendor in this regard. As such, we're all just selling what
we know.
___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
-----Original Message-----
From: Richard Bejtlich [mailto:taosecurity@gmail.com]
Sent: Monday, April 10, 2006 10:36 AM
To: Andrew Plato
Cc: Basgen, Brian; focus-ids@securityfocus.com
Subject: Re: IDS vs. IPS deployment feedback
You are not familiar with modern Snort signature development by the
Sourcefire Vulnerability Research Team. See:
http://www.sourcefire.com/services/sf_vrt.html
For one example:
http://www.sourcefire.com/news/press_releases/pr121504.html
_________________________________________________
NOTICE:
This email may contain confidential information,
and is for the sole use of the intended recipient.
If you are not the intended recipient, please reply
to the message and inform the sender of the error
and delete the email and any attachments from
your computer.
_________________________________________________
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
