Network Security Snort-Signatures
Re: [Snort-sigs] Comments for rules

Subject: Re: [Snort-sigs] Comments for rules
Date: Fri, 27 May 2005 09:20:35 +1200
On Tue, 2005-05-24 at 10:25 +0100, João Mota wrote:
> Matt Jonkman wrote:
> 
> > It is definitely on our future goals. A method where you can easily
> > get to the docs of a particular sig by hitting
> >
> > www.bleedingsnort.com/docs.php?sid=2000000
> 
> I don't think that creating a dynamic page/site is totally necessary.

Once you have the information stored and maintained (that is the big
job) making it available dynamically via the web is trivially (by
comparison anyway) easy and it makes a big difference to the utility of
the info.

I don't see aiming for this as slowing down the delivery of the docs.
In fact if it came to the stage where BS had the docs I'd happily
volunteer to write a simple web based search app.

While on the topic of documentation, I'm afraid that in this case the
best (and possibly the only) person to write it is the person who wrote
the original rule.  I consider myself reasonably up with the network
forensics scene and yet often look at rules that others have written and
have been unsure exactly what they are trying to achieve, particularly
when the message is cryptic.  I believe that all rule submissions should
have at least an extended sentence or a short paragraph explaining what
the rule is intended to do and some explicit reference to the threat it
is trying to detect (CVE etc or link to other source). 

Russell
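The submission convention Russell argues for above (every rule carries an explanatory msg and an explicit reference to the threat) together with Matt's sid-based docs URL, expressed as a small lint over Snort rule text. This is an added example, not code from the list or from Bleeding Snort; the two sample rules are constructed for the demonstration.

```python
import re

# Constructed sample submissions, not rules from the list or from Bleeding Snort.
# The first carries a message, a sid and an external reference; the second lacks the reference.
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE documented rule"; '
    'flow:to_server,established; content:"/example|3B|"; '
    'reference:url,www.bleedingsnort.com/docs.php?sid=2000000; sid:2000000; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE undocumented rule"; '
    'content:"foo"; sid:2000001; rev:1;)',
]

# Options every submission should carry, per the thread: an explanatory message, a sid
# (so the docs can be looked up by sid) and at least one reference to the threat detected.
REQUIRED = ("msg", "sid", "reference")


def parse_options(rule):
    """Return the rule's option block as {name: [value, ...]}; bare flags map to [None]."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    options = {}
    # split on ';' unless it is escaped as '\;' inside a content match
    for item in re.split(r"(?<!\\);", body):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition(":")
        options.setdefault(name.strip(), []).append(value.strip() if sep else None)
    return options


def check_rule(rule):
    """Return the names of REQUIRED options the rule is missing (empty list means it passes)."""
    opts = parse_options(rule)
    return [name for name in REQUIRED if name not in opts]


def docs_url(rule):
    """Build the per-sid documentation URL in the form Matt proposed in the thread."""
    sid = parse_options(rule)["sid"][0]
    return f"www.bleedingsnort.com/docs.php?sid={sid}"


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        missing = check_rule(rule)
        print(docs_url(rule), "OK" if not missing else "missing " + ", ".join(missing))
```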
