uncle snort needs you

From: Brian (bmc@snort.org)
Date: 01/20/02


Date: Sat, 19 Jan 2002 18:55:28 -0500
From: Brian <bmc@snort.org>
To: snort-users@lists.sourceforge.net, FOCUS-IDS@securityfocus.com


You have received this mail because ... we need your help.

Here's the deal. There is not a good reference point for alerts snort
keeps popping up in front of people's face. We, the core snort team, are
working hard to build the best IDS possible, and this is the next step.

So, if you can help us out, we would be forever grateful. I've built a
signature information database, and we need your help to fill in the blanks.

We need you to help research our signatures. We are looking to provide our
users with the following information:

   Summary                 Impact
   Detailed Information    Attack Scenarios
   Ease of Attack          Recommended Action
   False Positives         False Negatives
   References

Basically, what the signature triggers on, why it's important, how someone
might use this issue to their advantage (aka, to DoS a system, exploit
it), what someone might do to mitigate this problem, how this may false,
and any additional references to what references we already have.

Here is the deal, attached is our template for the data that we are looking
for. Research the information required by the template and email it to
snort-sigs@lists.sourceforge.net. One of the snort core developers will
add it into the database.

There are a few requirements for the information that we include in our
database. The information must be ORIGINAL CONTENT. Do not cut and paste
someone else's work. Paraphrasing is good, referencing is ok. Just don't
violate someone's copyright and all will be ok. If you are unsure of some
part of the rule, include that as a commentary and someone else perhaps will
be able to fix it.

Also, we are also looking for pcap for each of the signatures. If you have
raw tcpdump capture of these signatures, please send them to <bmc@snort.org>
to be included in the database.

Visit http://www.snort.org/snort-db/unfinished.html for a list of the
signatures that do not have a completed entry.

Please check http://www.snort.org/snort-db/ for more information.

This is a time-consuming effort, but it will be worth it.

Thanks,
Brian

--
Brian Caswell
Snort Signature Nazi



