Snort mailing list archives
uncle snort needs you
From: Brian <bmc () snort org>
Date: Sat, 19 Jan 2002 18:55:28 -0500
You have received this mail because ... we need your help.

Here's the deal. There is not a good reference point for alerts snort keeps popping up in front of people's faces. We, the core snort team, are working hard to build the best IDS possible, and this is the next step. So, if you can help us out, we would be forever grateful.

I've built a signature information database, and we need your help to fill in the blanks. We need you to help research our signatures. We are looking to provide our users with the following information:

- Summary
- Impact
- Detailed Information
- Attack Scenarios
- Ease of Attack
- Recommended Action
- False Positives
- False Negatives
- References

Basically, what the signature triggers on, why it's important, how someone might use this issue to their advantage (aka, to DoS a system, exploit it), what someone might do to mitigate this problem, how this may false, and any additional references to what references we already have.

Here is the deal, attached is our template for the data that we are looking for. Research the information required by the template and email it to snort-sigs () lists sourceforge net. One of the snort core developers will add it into the database.

There are a few requirements for the information that we include in our database. The information must be ORIGINAL CONTENT. Do not cut and paste someone else's work. Paraphrasing is good, referencing is ok. Just don't violate someone's copyright and all will be ok.

If you are unsure of some part of the rule, include that as a commentary and someone else perhaps will be able to fix it.

Also, we are looking for pcap for each of the signatures. If you have raw tcpdump captures of these signatures, please send them to <bmc () snort org> to be included in the database.

Visit http://www.snort.org/snort-db/unfinished.html for a list of the signatures that do not have a completed entry.

Please check http://www.snort.org/snort-db/ for more information.

This is a time-consuming effort, but it will be worth it.

Thanks,
Brian

--
Brian Caswell
Snort Signature Nazi
Attachment: snort-sid-template.txt