IDS mailing list archives
RE: snort signature analysis tools
From: "Scott Kelly" <SKelly () facetime com>
Date: Fri, 7 Jan 2005 08:48:40 -0800
-----Original Message----- From: Martin Roesch [mailto:roesch () sourcefire com] Sent: Friday, January 07, 2005 6:48 AM To: Scott Kelly Cc: focus-ids () securityfocus com Subject: Re: snort signature analysis tools What do you mean by overlaps/collisions? Rules that cover the same attack, duplicates, rules that will "cover" other rules and prevent them from firing?
Maybe "intersecting rules" would be a better description. Is there a way, given an existing rule set, to determine the uniqueness of a proposed rule, to detect (interesting) intersections with other rules? Thanks, Scott -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- snort signature analysis tools Scott Kelly (Jan 06)
- Re: snort signature analysis tools Martin Roesch (Jan 08)
- <Possible follow-ups>
- RE: snort signature analysis tools Scott Kelly (Jan 10)
- Re: snort signature analysis tools Martin Roesch (Jan 12)
- RE: snort signature analysis tools Hazel, Scott A. (Jan 17)
- Re: snort signature analysis tools Chris Green (Jan 19)
- Re: snort signature analysis tools Jose Nazario (Jan 20)
- Re: snort signature analysis tools Chris Green (Jan 19)