Network Security: Detailed info on Re: [Snort-sigs] Rule Set Completness

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Signatures

[Top] [All Lists]

Re: [Snort-sigs] Rule Set Completness

from [Erik Fichtner] Network Security

[Permanent Link]

Subject:	Re: [Snort-sigs] Rule Set Completness
Date:	Mon, 08 May 2006 15:07:37 -0400

Gentoo-Wally wrote:

1. Is the VRT set suppose to be a "complete" (for the lack of a better
word. Maybe adequate would be better?) rule set capable of independent
deployment. "Complete" meaning including rules for most known
vulnerabilities/attacks or...


No.  Of the fuzzy "sorta" variety of no.   It's complete in the sense that
if it doesn't detect something and you're a paying customer of sourcefire,
you can complain and alter that situation.

2. Would a "complete" or "more complete" set include the combination
of VRT+Community+BleedingEdge Snort. If so...


Yes.

3. Would the combination of VRT+Community+BleedingEdge result in a lot
of duplicate signatures?


Of course it would.  Yes.

see also: OSSRC Rules Overlap Committee.



-- 
Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell

signature.asc
Description: OpenPGP digital signature

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] Rule Set Completness, Gentoo-Wally Re: [Snort-sigs] Rule Set Completness, Erik Fichtner <= Re: [Snort-sigs] Rule Set Completness, Jason Brvenik Re: [Snort-sigs] Rule Set Completness, Matt Jonkman Re: [Snort-sigs] Rule Set Completness, Frank Knobbe Re: [Snort-sigs] Rule Set Completness, Jennifer Steffens Re: [Snort-sigs] Rule Set Completness, Roland Turner Re: [Snort-sigs] Rule Set Completness, Jennifer Steffens Re: [Snort-sigs] Rule Set Completness, Roland Turner Re: [Snort-sigs] Rule Set Completness, Matt Jonkman

Previous by Date:	[Snort-sigs] Rule Set Completness, Gentoo-Wally
Next by Date:	Re: [Snort-sigs] Rule Set Completness, Jason Brvenik
Previous by Thread:	[Snort-sigs] Rule Set Completness, Gentoo-Wally
Next by Thread:	Re: [Snort-sigs] Rule Set Completness, Jason Brvenik
Indexes:	[Date] [Thread] [Top] [All Lists]