Snort mailing list archives

Re: Snort rules snapshot archive?

From: Jeffrey Stebelton <jstebelton () netjets com>
Date: Wed, 25 Sep 2013 11:25:33 +0000

I highly doubt it's SANS. Having taken a number of SANS classes I can say the instructors are very knowledgeable and 
would know better than to direct someone writing a gold paper to a resource that doesn't exist. That, and the fact that 
the co-author  of the SEC503 course, Intrusion Detection In Depth, used to work for Sourcefire makes it very unlikely.

Jeff Stebelton GCIA GCIH GCFW CEH SFCP
Senior Information Security Analyst
NetJets Inc.
4111 Bridgeway Avenue
Columbus, OH 43219
T: (614) 849-7281
C: (614) 364-3078
E: jstebelton () netjets com<mailto:jstebelton () netjets com>
www.netjets.com<http://www.netjets.com/>
NetJets(r) Inc. is a Berkshire Hathaway company.

From: Miso Patel [mailto:miso.patel () gmail com]
Sent: Tuesday, September 24, 2013 12:51 PM
To: Joel Esler
Cc: Snort-sigs; waldo kitty
Subject: Re: [Snort-sigs] Snort rules snapshot archive?

Joel, I'm thinking it could be SANS.  I have talked with a number of SANS people a while back and they always tout IDS 
as a good research topic for their "gold" certification (or whatever it is called where you have to write a research 
paper, similar to graduate school but not accredited or a real school thesis).  One of my engineers went to a SANS 
class a few years ago and came back all fired up about writing a paper on "iDS - Intrusion Detection for Mac Users" but 
I don't remember the details.  That got shut down pretty quick.  We don't allow Macs in our environment and they aren't 
really a target anyway like MS Windows is so we couldn't justify giving him the time to do it since we wouldn't reap 
any benefits from it.
HTH.

-Miso, CISO

On Tue, Sep 24, 2013 at 12:07 PM, Joel Esler <jesler () sourcefire com<mailto:jesler () sourcefire com>> wrote:
On Sep 24, 2013, at 12:04 AM, <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> <wkitty42 () windstream 
net<mailto:wkitty42 () windstream net>> wrote:


On Monday, September 23, 2013 10:05 PM, yordanos beyene <yordanosb () gmail com<mailto:yordanosb () gmail com>> wrote:

I am working on a reasearch paper to study Snort rules growth and its impact on performance.
I appreciate if any one could help me download Snort rules snapshot for the last 5 to 10 years.
Is there any archive to access such rules?


you are not the first to have asked about such in the last month or two... the answer then as now is that there is no 
such archive available... old version rules are removed from distribution when the old snort for them is EoL'd...

it matters not what the purpose of the request is... it is simply impossible to fulfill...


Which University gives this assignment out every year?

Joel
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!


*** *** ***
This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized 
to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in 
the message. If you have received the message in error,  please advise the sender by reply e-mail and delete the 
message.

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

Snort rules snapshot archive? yordanos beyene (Sep 23)
- <Possible follow-ups>
- Re: Snort rules snapshot archive? wkitty42 (Sep 23)
  - Re: Snort rules snapshot archive? yordanos beyene (Sep 23)
  - Re: Snort rules snapshot archive? Joel Esler (Sep 24)
    - Re: Snort rules snapshot archive? Miso Patel (Sep 24)
    - Re: Snort rules snapshot archive? Jeffrey Stebelton (Sep 25)
- Re: Snort rules snapshot archive? wkitty42 (Sep 24)
  - Re: Snort rules snapshot archive? JeeHyun Hwang (Sep 24)
  - Re: Snort rules snapshot archive? yordanos beyene (Sep 24)
    - Re: Snort rules snapshot archive? Joel Esler (Sep 24)