IDS mailing list archives

RE: Automated IDS Signature Generator?

From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Wed, 18 Jun 2003 15:34:55 -0700

I believe the winner of the Honeynet Project's contest this spring
created a tool that did that using Honeyd data as as source.

toby

-----Original Message-----
From: quakeroats () hushmail com [mailto:quakeroats () hushmail com] 
Sent: Tuesday, June 17, 2003 3:34 PM
To: focus-ids () securityfocus com
Subject: Automated IDS Signature Generator?




IDS Folk,



Is there a utility/function/program that automatically 
generates an IDS 

signature based on a recording of a monitored exploit attempt? For 

example, say the exploit is brought into an isolated lab 
environment, and 

we record the whole attack. At the end of the attack, this 
"thing" spits 

out automated scripts for any number of IDS solutions. Seems like it 

would be something that companies like 
Snort/Symantec/Dragon/etc. might 

already have, but I've never heard of such a utility.



With Love,



Quaker Oats



"it's mmm mmm good..."

--------------------------------------------------------------
-----------------
Attend the Black Hat Briefings & Training, July 28 - 31 in 
Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 
training sessions, 
1,800 delegates from 30 nations including all of the top 
experts, from CSO's to 
"underground" security specialists.  See for yourself what 
the buzz is about!  
Early-bird registration ends July 3.  This event will sell 
out. www.blackhat.com
--------------------------------------------------------------
-----------------


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------

Current thread:

Automated IDS Signature Generator? quakeroats (Jun 18)
- Re: Automated IDS Signature Generator? Anton A. Chuvakin (Jun 19)
- Re: Automated IDS Signature Generator? Stefano Zanero (Jun 19)
- Re: Automated IDS Signature Generator? Christian Kreibich (Jun 22)
- <Possible follow-ups>
- RE: Automated IDS Signature Generator? Kohlenberg, Toby (Jun 18)
- RE: Automated IDS Signature Generator? Kohlenberg, Toby (Jun 19)