Snort mailing list archives

Re: Contributing?


From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 9 Mar 2011 14:47:24 -0500

A couple things that are pretty helpful.

Detection related stuff:

a. Pcaps of false positives.  Any time a rule doesn't do what it's
supposed to do, pcap it and send it over so we can fix the rule.
b. Pcaps of things you would like us to detect.  Some people want
snort to detect things that aren't malware or vulnerabilities.  Like
proxy scanners or other stuff.  Send us a pcap and we'll add it to the
queue.
c. Long running pcaps of network traffic from real networks.
d. Pcaps of strange apps that run on your network.  If you've got some
fun apps that not many people have, maybe a large SCADA network, we'd
love to dissect those and add specific preprocessors for that type of
traffic.  Currently, looking for a long running VoIP pcap of a
production pbx.
e. Pcaps of policy related traffic.  New versions of Skype, new
version of XYZ IM client, individual functions of specific websites
like photo upload to Flickr.  We add detects for this type of stuff,
and add it to the policy categories as some people like to limit these
types of apps.

Data stuff:
a. Got a piece of malware that isn't detected, send it on over.
b. Non English spam or phishing.
c. Blacklisting data.

Just about any type of data is useful in some capacity.

Also if you use ClamAV and write code,
http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011

Cheers,
-matt


On Wed, Mar 9, 2011 at 2:20 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:
Besides writing signatures and the obvious *I have an error*, what other
data points can a user contribute? I would like to contribute a bit more, but
my knowledge of Snort is lacking at the moment, though getting better. An
example would be that a user manages quite a few mail servers, content and
spam filters: would the community benefit from any data the user could
submit?
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
