Snort mailing list archives
Re: [Emerging-Sigs] Reliability of signatures
From: Matt Olney <molney () sourcefire com>
Date: Fri, 11 Feb 2011 11:54:22 -0500
Here is the whitepaper for the Razorback project: http://www.scribd.com/doc/35792512/Project-Razorback-Whitepaper

The latest snort has the razorback module included so it can feed intel data to the Razorback system. System is still exceptionally alpha, so YMMV.

On Fri, Feb 11, 2011 at 11:45 AM, Seth Hall <seth () remor com> wrote:
On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:

There is not a better solution for detecting the delivery of exploits, that is the job of an IDS. SPAM can lead you to an attack, or to a longer *****, but it isn't, in itself an attack.

I never claimed that it was an attack, I only responded to your statement that "spam isn't an IDS issue".

I agree there is a ton of metadata on the network that is incredibly useful both for correlation and forensics (see intel nuggets on Razorback). What I've noticed though is that frequently tools don't make the right information available at the right time and the right place.

Where can I read more about what intel nuggets are?

.Seth