IDS mailing list archives
Re: snort signature analysis tools
From: Jose Nazario <jose () monkey org>
Date: Tue, 18 Jan 2005 18:38:16 -0500 (EST)
On Tue, 18 Jan 2005, Chris Green wrote:
It's non-trivial to write such an application but I think it would make a really good project for a Comp Sci person since being able to group the rules into overlaps would be right on the boundary of IDS performance grouping without the need for expensive testing hardware.
as you might expect, this has already been done: http://compilers.iecc.com/comparch/article/98-08-060 http://www.cs.ucsd.edu/groups/tatami/bobj/rexp.html etc ... ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- snort signature analysis tools Scott Kelly (Jan 06)
- Re: snort signature analysis tools Martin Roesch (Jan 08)
- <Possible follow-ups>
- RE: snort signature analysis tools Scott Kelly (Jan 10)
- Re: snort signature analysis tools Martin Roesch (Jan 12)
- RE: snort signature analysis tools Hazel, Scott A. (Jan 17)
- Re: snort signature analysis tools Chris Green (Jan 19)
- Re: snort signature analysis tools Jose Nazario (Jan 20)
- Re: snort signature analysis tools Chris Green (Jan 19)