IDS mailing list archives
Re: Vulnerability & Exploit Signatures
From: "M. Dodge Mumford" <dodge () nfr net>
Date: Thu, 16 Jun 2005 10:39:50 -0400
Jackson Yu said:
> Do all these vendors license the same set of "base" filters from, say, Sourcefire / Snort derived rule source in the back? Is there a commonality there? At the end of the day, can I say that "Gee, most vendors' base set of 1500 IPS signatures are the same, it's just the 300 or so that the vendors have additionally developed on top of that 1500 that are different!"
That's an interesting question that, as a vendor, I'm very interested in seeing the answers to. I write N-Code for NFR, and while we use all available public sources of information we can get about how to detect vulnerabilities, all of our code to actually perform detection has been completely written from scratch in-house. When purchased, the N-Code that does the detection is viewable in source code so that when we trigger alerts, it is possible to determine precisely what caused the alert to trigger. For those who learn to at least read N-Code anyway. :-)

--
Dodge
Current thread:
- Vulnerability & Exploit Signatures Jackson Yu (Jun 15)
- Re: Vulnerability & Exploit Signatures dgr8hunt (Jun 16)
- Re: Vulnerability & Exploit Signatures Kelly Dowd (Jun 16)
- Re: Vulnerability & Exploit Signatures Matt Jonkman (Jun 16)
- Re: Vulnerability & Exploit Signatures MadHat (Jun 16)
- Re: Vulnerability & Exploit Signatures M. Dodge Mumford (Jun 16)
- <Possible follow-ups>
- RE: Vulnerability & Exploit Signatures Kyle Quest (Jun 17)
- RE: Vulnerability & Exploit Signatures Marc Maiffret (Jun 17)
- Re: RE: Vulnerability & Exploit Signatures tk (Jun 20)
- RE: Vulnerability & Exploit Signatures Ofer Shezaf (Jun 20)
- Re: Vulnerability & Exploit Signatures Joel Esler (Jun 21)