Snort mailing list archives
Re: Team0x42 Snort rules
From: Matt Jonkman <jonkman () jonkmans com>
Date: Mon, 07 Apr 2008 23:31:58 -0400
I second that, keep at it. If you're looking for a place where you can participate without being berated, submit to the emerging-sigs list. This is why we exist. emergingthreats.net And submit the sigs themselves, rather than links to a tarball. More eyeballs will see them that way. Matt Paul Melson wrote:
Some good snort rules by Team0x42 Shellcode detection, Web attack detection, DoS detection and web-miscrules You can download the rule set from:http://team0x42.homeunix.org/projects.htmlI mean, good for you for learning to write Snort rules and then sharing that back with the community. Keep it up. But honestly, I wouldn't actually run this rule set. If you're interested in hearing my reasons why, I'm happy to share them with the intent that you may learn to write better rules. PaulM (Revere) PS - BMC's got his own room at the back of the bus. ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Register now and save $200. Hurry, offer ends at 11:59 p.m., Monday, April 7! Use priority code J8TLD2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Register now and save $200. Hurry, offer ends at 11:59 p.m., Monday, April 7! Use priority code J8TLD2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Team0x42 Snort rules TheWell (Apr 07)
- Re: Team0x42 Snort rules Brian Caswell (Apr 07)
- Re: Team0x42 Snort rules Lurene A Grenier (Apr 07)
- Re: Team0x42 Snort rules M. Shirk (Apr 07)
- Re: Team0x42 Snort rules Randal T. Rioux (Apr 07)
- Re: Team0x42 Snort rules Lurene A Grenier (Apr 07)
- Re: Team0x42 Snort rules Paul Melson (Apr 07)
- Re: Team0x42 Snort rules Justin Heath (Apr 07)
- Re: Team0x42 Snort rules Matt Jonkman (Apr 07)
- Re: Team0x42 Snort rules Nigel Houghton (Apr 08)
- Re: Team0x42 Snort rules Brian Caswell (Apr 07)