IDS mailing list archives
Re: Vulnerability & Exploit Signatures
From: Joel Esler <eslerj () gmail com>
Date: Tue, 21 Jun 2005 07:15:14 -0400
Niksun (www.niksun.com) has a certified Snort Rule program. Joel Esler On Jun 19, 2005, at 8:22 AM, Ofer Shezaf wrote:
From: Kelly Dowd [mailto:loris65 () gmail com] Sent: Thursday, June 16, 2005 3:26 PM I doubt there is any licensing of base signatures between vendors (signature engines vary greatly between products, you can't just 'use' another products sigs). You will find that some developers look at existing signature sets to get 'ideas', but it's far from a one-for-one copy. Companies must develop their own sigs just like they develop their own appliances... it's a total package.Actually there is a thriving commercial market for signatures' databases. I think that this market is natural due to two reasons: a. More and more unified boxed do IDS in addition to other features. Itis very difficult to maintain the IP required for all those features andbuying the know-how from specialists is a good way to go.b. Vulnerability based signatures are becoming just one of the detectiontools in the arsenal of a good intrusion detection system. Behavioral technologies, misuse technologies more advanced than signatures and positive logic (protocol compliance for example) are complementing traditional vulnerably signatures. Again, licensing the signatures part of the product is a viable alternative. ~ Ofer Ofer Shezaf OWASP Israel Chair http://www.owasp.org/local/israel.html CTO, Breach Security Phone (US): +1 (760) 268.1924 ext. 702 Phone (Israel): +972 (9) 956.0036 ext.212 Cell: +972 (54) 443.1119 ofers () breach com http://www.breach.com----------------------------------------------------------------------- ---Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.----------------------------------------------------------------------- ---
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Vulnerability & Exploit Signatures Jackson Yu (Jun 15)
- Re: Vulnerability & Exploit Signatures dgr8hunt (Jun 16)
- Re: Vulnerability & Exploit Signatures Kelly Dowd (Jun 16)
- Re: Vulnerability & Exploit Signatures Matt Jonkman (Jun 16)
- Re: Vulnerability & Exploit Signatures MadHat (Jun 16)
- Re: Vulnerability & Exploit Signatures M. Dodge Mumford (Jun 16)
- <Possible follow-ups>
- RE: Vulnerability & Exploit Signatures Kyle Quest (Jun 17)
- RE: Vulnerability & Exploit Signatures Marc Maiffret (Jun 17)
- Re: RE: Vulnerability & Exploit Signatures tk (Jun 20)
- RE: Vulnerability & Exploit Signatures Ofer Shezaf (Jun 20)
- Re: Vulnerability & Exploit Signatures Joel Esler (Jun 21)