Snort mailing list archives

Re: Good Snort Signatures


From: James Riden <j.riden () massey ac nz>
Date: Wed, 25 Aug 2004 08:46:43 +1200

"Adriel T. Desautels" <atd () secnetops com> writes:

> Greetings List,
> Does anyone here know where I can find low false positive snort
> rules?  The rules from snort.org are simply bunk.  They generate way too
> many false positives and even false negatives during certain types of
> events. I am not averse to purchasing snort rules either, I just need
> something that works.

Snort has signatures to pick up 'dodgy' behaviour. Unfortunately,
'dodgy' differs between my network and yours. You, or someone else,
should go through the rules and tailor them to your network. I'm sure
you can find someone willing to do this on contract.

I would have recommended the bleeding snort sigs, but you'll have to
pick and choose the useful ones from there as well.

No IDS, or any other system, is a magic bullet. Security is hard
work. Sorry.

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/


