Re: Good Snort Signatures

[sekure <sekure () gmail com>]

That's strange.  You would think that the people that write and
maintain Snort would write rules that work with their product.

If you want, for a nominal fee of $10,000 I will send you the rules
that work for ME, and generate almost no false positives on MY
network.  But then again, those are just the basic rules from
snort.org with appropriate variables defined in snort.conf and some
"pass", "suppress", and "threshold" parameters in local.rules, so you
might want to save yourself the money, and read through the free snort
online manual, the FAQ, or invest the $30 or so in "Snort 2.1
Intrusion Detection"
(http://www.amazon.com/exec/obidos/tg/detail/-/1931836043/103-0031376-8095028)

On Tue, 24 Aug 2004 13:57:15 -0400, Adriel T. Desautels
<atd () secnetops com> wrote:
> Greetings List,
>        Does anyone here know where I can find low false positive snort
> rules?  The rules from snort.org are simply bunk.  They generate way too
> many false positives and even false negatives during certain types of
> events. I am not adverse to purchasing snort rules either, I just need
> something that works.


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users