IDS mailing list archives
Re: Vulnerability & Exploit Signatures
From: MadHat <madhat () unspecific com>
Date: Thu, 16 Jun 2005 12:46:40 -0500
On Jun 16, 2005, at 7:25 AM, Kelly Dowd wrote:
I doubt there is any licensing of base signatures between vendors (signature engines vary greatly between products, you can't just 'use' another products sigs). You will find that some developers look at existing signature sets to get 'ideas', but it's far from a one-for-one copy. Companies must develop their own sigs just like they develop their own appliances... it's a total package.
I think he might have meant signature data. Like does every vendor research every attack and vulnerability to create every signature or is there a company that sells the data to allow you to create your own signatures based on someone else's research.
-Kelly D. On 6/14/05, Jackson Yu <jackson.yu () earthlink net> wrote:Hi, I'm new to this list, so please bear with my question:ASIC/FPGA/Software/detection techniques aside, I sense that a huge value of IPS vendors are the lab-type organizations that are constantly developing new filters in response to new vulnerabilities and exploits. However, there's no way that such vendors can "hit the market" if you will with 2000+ filters out on dayone.Do all these vendors license the same set of "base" filters from, say, Sourcefire / Snort derived rule source in the back? Is there a commonality there? At the end of the day, can I say that "Gee, most vendors' base set of 1500 IPS signatures are the same, its just the 300 or so that the vendors have additionally developed on top of that 1500 that are different!"Thanks Jackson--------------------------------------------------------------------- -----Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks fromCORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708to learn more.--------------------------------------------------------------------- --------------------------------------------------------------------------- ----Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- ids_040708to learn more.---------------------------------------------------------------------- ----
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Vulnerability & Exploit Signatures Jackson Yu (Jun 15)
- Re: Vulnerability & Exploit Signatures dgr8hunt (Jun 16)
- Re: Vulnerability & Exploit Signatures Kelly Dowd (Jun 16)
- Re: Vulnerability & Exploit Signatures Matt Jonkman (Jun 16)
- Re: Vulnerability & Exploit Signatures MadHat (Jun 16)
- Re: Vulnerability & Exploit Signatures M. Dodge Mumford (Jun 16)
- <Possible follow-ups>
- RE: Vulnerability & Exploit Signatures Kyle Quest (Jun 17)
- RE: Vulnerability & Exploit Signatures Marc Maiffret (Jun 17)
- Re: RE: Vulnerability & Exploit Signatures tk (Jun 20)
- RE: Vulnerability & Exploit Signatures Ofer Shezaf (Jun 20)
- Re: Vulnerability & Exploit Signatures Joel Esler (Jun 21)