IDS mailing list archives
Re: CVE selection for IDS/IPS signature rules
From: Jose Nazario <jose () monkey org>
Date: Tue, 3 Jun 2008 16:24:48 -0400 (EDT)
an earlier comment from ron gula touched on how some vulns are remote etc. as of a few days ago, here's some quick numbers around the "range" element (where the attack can be mounted from) from the NVD, which annotates CVE entries. note that some attacks can have multipe range attributes.
nvd=# SELECT range_type, count(range_type) from range group by range_type; range_type | count ---------------+------- local | 5368 remote | 19697 user_init | 3121 network | 6929 local_network | 114 (5 rows) data from http://nvd.nist.gov/, imported into a local SQL database for use. ________ jose nazario, ph.d. http://monkey.org/~jose/ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Re: CVE selection for IDS/IPS signature rules abhicc285 (Jun 03)
- Re: CVE selection for IDS/IPS signature rules Jose Nazario (Jun 03)
- <Possible follow-ups>
- Re: CVE selection for IDS/IPS signature rules Enigma (Jun 03)
- RE: CVE selection for IDS/IPS signature rules Dimitris Patsos (Jun 03)
- Re: CVE selection for IDS/IPS signature rules Leon Ward (Jun 03)
- Re: CVE selection for IDS/IPS signature rules Enigma (Jun 05)
- Re: CVE selection for IDS/IPS signature rules Joel Esler (Jun 05)
- RE: CVE selection for IDS/IPS signature rules Srinivasa Addepalli (Jun 03)
- Re: CVE selection for IDS/IPS signature rules Ravi Chunduru (Jun 03)