Automated IDS Signature Generator?

quakeroats_at_hushmail.com
Date: 06/18/03

    Date: 17 Jun 2003 22:34:29 -0000
    To: focus-ids@securityfocus.com
    
    

    IDS Folk,

    Is there a utility/function/program that automatically generates an IDS
    signature based on a recording of a monitored exploit attempt? For
    example, say the exploit is brought into an isolated lab environment, and
    we record the whole attack. At the end of the attack, this "thing" spits
    out automated scripts for any number of IDS solutions. Seems like it
    would be something that companies like Snort/Symantec/Dragon/etc. might
    already have, but I've never heard of such a utility.

    With Love,

    Quaker Oats

    "it's mmm mmm good..."
