Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] Reliability of signatures

From: Seth Hall <seth () remor com>
Date: Fri, 11 Feb 2011 09:55:14 -0500

On Feb 10, 2011, at 9:55 AM, Matt Olney wrote:


Also, SPAM isn't an IDS issue, at least from my point of view.  I worry about malicious, not asinine.


Ouch, seriously?  In my opinion, if it goes over the network it's an IDS issue.  Sometimes it's incredible how many 
little, seemingly inconsequential bits of information will add up over time to mean something much different and much 
more important.  Maybe the remote IP address sending spam doesn't mean much for an incident response team by itself, 
but if that IP address logs into some local box over SSH that would be worth looking into.
 
  .Seth
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: