Snort mailing list archives
Re: Surprised by snort classtype...
From: Matt Olney <molney () sourcefire com>
Date: Tue, 19 Jan 2010 13:20:22 -0500
Just bugged this. I agree that this is a phrase that is not one that is appropriate. It is a (very) legacy line of code from a classtype we no longer use. I will work with the Snort team to get this addressed as quickly as possible.

Matt

On Tue, Jan 19, 2010 at 12:57 PM, Guise McAllaster <guise.mcallaster () gmail com> wrote:
Gents,

Yesterday I was tasked with giving an executive level presentation to the CISO and CFO for the security benefits of Snort in an IDS role as a budget justification for a SourceFire IPS sensor/appliance and VRT subscription. The presentation was going quite well and they asked about content filter and policy violations and I showed several examples, including classtype, from our live system.

Sadly, several of the entries contained "kickass-porn" and the female CISO was very upset. Both the CFO and CISO reacted negatively, claiming an Enterprise-Ready product would never use such unprofessional profane names. I was surprised too and looked in the manual and saw that the description for "kickass-porn" was, "SCORE! - get the lotion". What? >:-0 Really?

Now I'm looking at a budget trim for this year as well as being forced away from adoption of the SF IPS product since a similar asstype is used. While most IDS mates can laugh it off this is something to keep in mind with regard to the professionalism such word choices say. In this case, with some fault of my own for not scrubbing the bits, it cost me what I would rate a top notch IPS product. Now I'm forced to settle for something inferior. :(

Just wanting to warn others to not make my same mistake.

Guise

------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Surprised by snort classtype... Guise McAllaster (Jan 19)
- Re: Surprised by snort classtype... Matt Olney (Jan 19)
- Message not available
- Re: [Emerging-Sigs] Surprised by snort classtype. evilghost () packetmail net (Jan 19)