Snort mailing list archives
Re: Snort rules snapshot archive?
From: Jeffrey Stebelton <jstebelton () netjets com>
Date: Wed, 25 Sep 2013 11:25:33 +0000
I highly doubt it's SANS. Having taken a number of SANS classes I can say the instructors are very knowledgeable and would know better than to direct someone writing a gold paper to a resource that doesn't exist. That, and the fact that the co-author of the SEC503 course, Intrusion Detection In Depth, used to work for Sourcefire makes it very unlikely. Jeff Stebelton GCIA GCIH GCFW CEH SFCP Senior Information Security Analyst NetJets Inc. 4111 Bridgeway Avenue Columbus, OH 43219 T: (614) 849-7281 C: (614) 364-3078 E: jstebelton () netjets com<mailto:jstebelton () netjets com> www.netjets.com<http://www.netjets.com/> NetJets(r) Inc. is a Berkshire Hathaway company. From: Miso Patel [mailto:miso.patel () gmail com] Sent: Tuesday, September 24, 2013 12:51 PM To: Joel Esler Cc: Snort-sigs; waldo kitty Subject: Re: [Snort-sigs] Snort rules snapshot archive? Joel, I'm thinking it could be SANS. I have talked with a number of SANS people a while back and they always tout IDS as a good research topic for their "gold" certification (or whatever it is called where you have to write a research paper, similar to graduate school but not accredited or a real school thesis). One of my engineers went to a SANS class a few years ago and came back all fired up about writing a paper on "iDS - Intrusion Detection for Mac Users" but I don't remember the details. That got shut down pretty quick. We don't allow Macs in our environment and they aren't really a target anyway like MS Windows is so we couldn't justify giving him the time to do it since we wouldn't reap any benefits from it. HTH. -Miso, CISO On Tue, Sep 24, 2013 at 12:07 PM, Joel Esler <jesler () sourcefire com<mailto:jesler () sourcefire com>> wrote: On Sep 24, 2013, at 12:04 AM, <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> wrote:
On Monday, September 23, 2013 10:05 PM, yordanos beyene <yordanosb () gmail com<mailto:yordanosb () gmail com>> wrote:I am working on a reasearch paper to study Snort rules growth and its impact on performance. I appreciate if any one could help me download Snort rules snapshot for the last 5 to 10 years. Is there any archive to access such rules?you are not the first to have asked about such in the last month or two... the answer then as now is that there is no such archive available... old version rules are removed from distribution when the old snort for them is EoL'd... it matters not what the purpose of the request is... it is simply impossible to fulfill...
Which University gives this assignment out every year? Joel ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net> https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! *** *** *** This message contains information which may be confidential and privileged. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail and delete the message.
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort rules snapshot archive? yordanos beyene (Sep 23)
- <Possible follow-ups>
- Re: Snort rules snapshot archive? wkitty42 (Sep 23)
- Re: Snort rules snapshot archive? yordanos beyene (Sep 23)
- Re: Snort rules snapshot archive? Joel Esler (Sep 24)
- Re: Snort rules snapshot archive? Miso Patel (Sep 24)
- Re: Snort rules snapshot archive? Jeffrey Stebelton (Sep 25)
- Re: Snort rules snapshot archive? wkitty42 (Sep 24)
- Re: Snort rules snapshot archive? JeeHyun Hwang (Sep 24)
- Re: Snort rules snapshot archive? yordanos beyene (Sep 24)
- Re: Snort rules snapshot archive? Joel Esler (Sep 24)