IDS mailing list archives
Signature development
From: <ravivsn () roc co in>
Date: Tue, 10 Jun 2003 22:35:02 +0530 (IST)
Hi,

Thank you for the great answers on my earlier subject: Help in evaluating IDS/IPS solutions. I got several emails to my mailbox directly too. Interestingly (to me), a good number of respondents asked me to look at inline_snort.

Though we plan to resell the IDS solution, we will also be directly responsible for maintaining the IDS solution in our customer base. Our customers expect us to select the IDS vendor and provide security in a timely manner. The onus is on us to get the right IDS vendor, and it is our responsibility to provide signatures in a timely manner. What it means is that my company needs to produce signatures at times, if the IDS vendor is slow to respond. In this context, some of the company's management think that, in the long run, having control over the software and the development of signatures is good for us.

I don't want to bother you with these details, but what I find is that we need to be proactive in providing new signatures for new exploits in a timely manner. In this context, I have the following questions.

1. How do we get to know about new exploits? We found that www.cert.org provides advisories. We also found the www.securityfocus.com bugtraq list, which has exploit scripts/programs to some extent. Are there any other resources?

2. These advisories have very high-level information on the exploit and patches from application vendors. But they don't have any information on the exact details of the exploit. To write the signatures, more information on the exploit is required, such as exploit details and attack scripts. Even if there is no script, detailed information on the exploit is required to write and test the signature. Where do I find this? Is there any list (commercial or free) to get this information? I tried to search cert.org and securityfocus.com for this info on the internet, but could not.

Any information on this is greatly appreciated.

Thanks and regards
Ravi