Dailydave mailing list archives

RE: Funny note here on a worm


From: Ron Gula <rgula () tenablesecurity com>
Date: Sun, 01 May 2005 08:25:22 -0400

At 07:10 AM 5/1/2005, Kyle Quest wrote:

The idea to release this advisory obviously came
from the marketing guys from Sourcefire. The snort.org
website became a marketing and a sales tool for Sourcefire.
Snort itself is changing too. Look at what's going on
with the rules... This is just sad.

My only criticism of the sig was that it has a known false
positive, right out of the box:

---
This rule will generate false positive events on normal traffic between Exchange servers. If these extensions are implemented in a network where Exchange servers are used, administrators should configure this rule as appropriate for their environment.
---

I don't have any issues with Sourcefire charging for the
rules updates and if folks want to chat about it on this
list, I can save us all a lot of time by posting the for/against
threads from the various Nessus, Snort, vuln-watch mailing
lists.

Ron

