Re: [Emerging-Sigs] Reliability of signatures

[Matt Olney <molney () sourcefire com>]

Here is the whitepaper for the Razorback project:

http://www.scribd.com/doc/35792512/Project-Razorback-Whitepaper

<http://www.scribd.com/doc/35792512/Project-Razorback-Whitepaper>The latest
snort has the razorback module included so it can feed intel data to the
Razorback system.  System is still exceptionally alpha, so YMMV.

On Fri, Feb 11, 2011 at 11:45 AM, Seth Hall <seth () remor com> wrote:

> On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:
>
> > There is not a better solution for detecting the delivery of exploits,
> that is the job of an IDS.  SPAM can lead you to an attack, or to a longer
> *****, but it isn't, in itself an attack.
>
> I never claimed that it was an attack, I only responded to your statement
> that "spam isn't an IDS issue".
>
> > I agree there is a ton of metadata on the network that is incredibly
> useful both for correlation and forensics (see intel nuggets on Razorback).
>
> What I've noticed though is that frequently tools don't make the right
> information available at the right time and the right place.  Where can I
> read more about what intel nuggets are?
>
>  .Seth
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users