IDS mailing list archives

Re: snort signature analysis tools

From: Jose Nazario <jose () monkey org>
Date: Tue, 18 Jan 2005 18:38:16 -0500 (EST)

On Tue, 18 Jan 2005, Chris Green wrote:

It's non-trivial to write such an application but I think it would make
a really good project for a Comp Sci person since being able to group
the rules into overlaps would be right on the boundary of IDS
performance grouping without the need for expensive testing hardware.


as you might expect, this has already been done:

        http://compilers.iecc.com/comparch/article/98-08-060
        http://www.cs.ucsd.edu/groups/tatami/bobj/rexp.html

etc ...

________
jose nazario, ph.d.                     jose () monkey org
http://monkey.org/~jose/                http://infosecdaily.net/

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

snort signature analysis tools Scott Kelly (Jan 06)
- Re: snort signature analysis tools Martin Roesch (Jan 08)
- <Possible follow-ups>
- RE: snort signature analysis tools Scott Kelly (Jan 10)
  - Re: snort signature analysis tools Martin Roesch (Jan 12)
- RE: snort signature analysis tools Hazel, Scott A. (Jan 17)
  - Re: snort signature analysis tools Chris Green (Jan 19)
    - Re: snort signature analysis tools Jose Nazario (Jan 20)