Snort mailing list archives
Re: Contributing?
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 9 Mar 2011 14:47:24 -0500
A couple things that are pretty helpful.

Detection related stuff:

a. Pcaps of false positives. Any time a rule doesn't do what it's supposed to do, pcap it and send it over so we can fix the rule.
b. Pcaps of things you would like us to detect. Some people want snort to detect things that aren't malware or vulnerabilities. Like proxy scanners or other stuff. Send us a pcap and we'll add it to the queue.
c. Long running pcaps of network traffic from real networks.
d. Pcaps of strange apps that run on your network. If you've got some fun apps that not many people have, maybe a large SCADA network, we'd love to dissect those and add specific preprocessors for that type of traffic. Currently, looking for a long running VoIP pcap of a production pbx.
e. Pcaps of policy related traffic. New versions of Skype, new version of XYZ IM client, individual functions of specific websites like photo upload to Flickr. We add detects for this type of stuff, and add it to the policy categories as some people like to limit these types of apps.

Data stuff:

a. Got a piece of malware that isn't detected, send it on over.
b. Non-English spam or phishing.
c. Blacklisting data.

Just about any type of data is useful in some capacity.

Also if you use ClamAV and write code, http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011

Cheers,
-matt

On Wed, Mar 9, 2011 at 2:20 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:
> Besides writing signatures and the obvious *I have an error*, what other data points can a user contribute? I would like to contribute a bit more but my knowledge of Snort is lacking at the moment but getting better.
>
> An example would be that a user manages quite a few mail servers, content and spam filters, would the community benefit from any data the user could submit?
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
Current thread:
- Contributing? Michael Lubinski (Mar 09)
- Re: Contributing? Matt Watchinski (Mar 09)