Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] Reliability of signatures

From: Seth Hall <seth () remor com>
Date: Fri, 11 Feb 2011 11:37:19 -0500

On Feb 11, 2011, at 9:59 AM, Joel Esler wrote:


On Feb 11, 2011, at 9:55 AM, Seth Hall wrote:


but if that IP address logs into some local box over SSH that would be worth looking into.


Yes, but that's not SPAM.


Sure, it's not spam but the ultimate detection in this example case would be driven from understanding unwanted 
activity coming from an IP address and reapplying that information in the future to make a different decision than 
would have been made otherwise.


I understand your point there, but SPAM (IMO) should be dealt with at the gateway antivirus/email server/spam filter 
level (in our case, clamav for instance.)  


I'm not saying that IDS has any role is dealing with the spam, but I think it's supremely worthwhile for it to have a 
notion of what spam looks like and how to identify spam-like activity.

  .Seth
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: