Snort mailing list archives

uncle snort needs you


From: Brian <bmc () snort org>
Date: Sat, 19 Jan 2002 18:55:28 -0500

You have received this mail because ... we need your help.

Here's the deal.  There is not a good reference point for alerts snort
keeps popping up in front of people's face.  We, the core snort team, are
working hard to build the best IDS possible, and this is the next step.

So, if you can help us out, we would be forever grateful.  I've built a
signature information database, and we need your help to fill in the blanks.

We need you to help research our signatures.  We are looking to provide our
users with the following information:

   Summary                      Impact
   Detailed Information         Attack Scenarios
   Ease of Attack               Recommended Action
   False Positives              False Negatives
   References

Basically, what the signature triggers on, why it's important, how someone
might use this issue to their advantage (aka, to DoS a system, exploit
it), what someone might do to mitigate this problem, how this may false,
and any additional references to what references we already have.

Here is the deal, attached is our template for the data that we are looking
for.  Research the information required by the template and email it to
snort-sigs () lists sourceforge net.  One of the snort core developers will
add it into the database.

There are a few requirements for the information that we include in our
database.  The information must be ORIGINAL CONTENT.  Do not cut and paste 
someone else's work.  Paraphrasing is good, referencing is ok.  Just don't
violate someone's copyright and all will be ok.  If you are unsure of some 
part of the rule, include that as a commentary and someone else perhaps will 
be able to fix it.

Also, we are looking for pcap for each of the signatures.  If you have
raw tcpdump capture of these signatures, please send them to <bmc () snort org>
to be included in the database.

Visit http://www.snort.org/snort-db/unfinished.html for a list of the
signatures that do not have a completed entry.

Please check http://www.snort.org/snort-db/ for more information.

This is a time-consuming effort, but it will be worth it.

Thanks,
Brian

--
Brian Caswell
Snort Signature Nazi

Attachment: snort-sid-template.txt