IDS mailing list archives

Re: snort signature analysis tools


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 11 Jan 2005 23:00:40 -0500

Hi Scott,

I don't think there are any tools like that out there currently.

     -Marty

On Jan 7, 2005, at 11:48 AM, Scott Kelly wrote:

> -----Original Message-----
> From: Martin Roesch [mailto:roesch () sourcefire com]
> Sent: Friday, January 07, 2005 6:48 AM
> To: Scott Kelly
> Cc: focus-ids () securityfocus com
> Subject: Re: snort signature analysis tools
>
>> What do you mean by overlaps/collisions?  Rules that cover the same
>> attack, duplicates, rules that will "cover" other rules and prevent
>> them from firing?
>
> Maybe "intersecting rules" would be a better description. Is there a
> way, given an existing rule set, to determine the uniqueness of a
> proposed rule, to detect (interesting) intersections with other rules?
>
> Thanks,
>
> Scott

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
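
Added example, not part of the thread and not code from either poster or from the Snort project: a minimal sketch of the "intersecting rules" check asked about above. It assumes a deliberately simplified notion of intersection (same protocol, same or `any` destination port, and one rule's `content` strings being a subset of the other's); the rules, SIDs and function names are constructed for illustration.

```python
import re

# Simplified Snort rule grammar: header fields, direction, then (options).
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
# Plain content:"..." only; negated content and uricontent are not matched.
CONTENT_RE = re.compile(r'\bcontent\s*:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)')

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not a rule: %r" % text)
    sid = SID_RE.search(m.group("opts"))
    return {"sid": int(sid.group(1)) if sid else None,
            "proto": m.group("proto").lower(),
            "dport": m.group("dport").lower(),
            "contents": frozenset(CONTENT_RE.findall(m.group("opts")))}

def headers_overlap(a, b):
    # Assumption: addresses and direction are ignored; ports compare literally.
    proto_ok = a["proto"] == b["proto"] or "ip" in (a["proto"], b["proto"])
    port_ok = a["dport"] == b["dport"] or "any" in (a["dport"], b["dport"])
    return proto_ok and port_ok

def relation(new, old):
    if not headers_overlap(new, old):
        return None
    if new["contents"] and new["contents"] == old["contents"]:
        return "duplicate"
    if old["contents"] < new["contents"]:
        return "old-is-broader"   # old's content conditions hold whenever new's do
    if new["contents"] < old["contents"]:
        return "new-is-broader"   # new's content conditions hold whenever old's do
    return None

def intersections(proposed, ruleset):
    new, hits = parse_rule(proposed), []
    for old in map(parse_rule, ruleset):
        rel = relation(new, old)
        if rel:
            hits.append((old["sid"], rel))
    return hits

# Constructed sample rules (not from any real rule set).
RULESET = [
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed A"; content:"/cgi-bin/"; sid:1000001;)',
    'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed B"; content:"/cgi-bin/"; content:"test.cgi"; sid:1000002;)',
    'alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed C"; content:"|00 01|"; sid:1000003;)',
]
PROPOSED = 'alert tcp any any -> any 80 (msg:"constructed new"; content:"test.cgi"; content:"/cgi-bin/"; sid:1000004;)'

if __name__ == "__main__":
    print(intersections(PROPOSED, RULESET))
```

Content modifiers such as `offset`, `depth` and `nocase`, as well as `pcre` and `flow`, are not modelled, so a reported relation is a candidate for manual review rather than proof that one rule shadows another.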

