RE: Automated IDS Signature Generator?
From: Kohlenberg, Toby (toby.kohlenberg_at_intel.com)
Date: 06/19/03
- Previous message: Stephen Samuel: "Re: Recent anti-NIDS Gartner article"
- Maybe in reply to: quakeroats_at_hushmail.com: "Automated IDS Signature Generator?"
- Next in thread: Stefano Zanero: "Re: Automated IDS Signature Generator?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Jun 2003 16:39:12 -0700 To: "Quaker Oats" <quakeroats@hushmail.com>, <focus-ids@securityfocus.com>
Doh! Sorry, I should have said the Honeyd challenge:
http://www.citi.umich.edu/u/provos/honeyd/challenge.html
Not the Honeynet challenges. I thought they were linked and
just checked and realized I was wrong.
toby
> -----Original Message-----
> From: Quaker Oats [mailto:quakeroats@hushmail.com]
> Sent: Wednesday, June 18, 2003 4:10 PM
> To: Kohlenberg, Toby
> Subject: RE: Automated IDS Signature Generator?
>
>
>
> Toby,
>
> Do you remember which challenge it was
> (http://www.honeynet.org/scans/)?
>
> What are your thoughts on the feasability?
>
>
> QA
>
>
> On Wed, 18 Jun 2003 15:34:55 -0700 "Kohlenberg, Toby"
> <toby.kohlenberg@intel.com> wrote:
> >I believe the winner of the Honeynet Project's contest this spring
> >created a tool that did that using Honeyd data as as source.
> >
> >toby
> >
> >> -----Original Message-----
> >> From: quakeroats@hushmail.com [mailto:quakeroats@hushmail.com]
> >>
> >> Sent: Tuesday, June 17, 2003 3:34 PM
> >> To: focus-ids@securityfocus.com
> >> Subject: Automated IDS Signature Generator?
> >>
> >>
> >>
> >>
> >> IDS Folk,
> >>
> >>
> >>
> >> Is there a utility/function/program that automatically
> >> generates an IDS
> >>
> >> signature based on a recording of a monitored exploit attempt?
> >For
> >>
> >> example, say the exploit is brought into an isolated lab
> >> environment, and
> >>
> >> we record the whole attack. At the end of the attack, this
> >> "thing" spits
> >>
> >> out automated scripts for any number of IDS solutions. Seems like
> >it
> >>
> >> would be something that companies like
> >> Snort/Symantec/Dragon/etc. might
> >>
> >> already have, but I've never heard of such a utility.
> >>
> >>
> >>
> >> With Love,
> >>
> >>
> >>
> >> Quaker Oats
> >>
> >>
> >>
> >> "it's mmm mmm good..."
> >>
> >> --------------------------------------------------------------
> >>
> >> -----------------
> >> Attend the Black Hat Briefings & Training, July 28 - 31 in
> >> Las Vegas, the
> >> world's premier technical IT security event! 10 tracks, 15
> >> training sessions,
> >> 1,800 delegates from 30 nations including all of the top
> >> experts, from CSO's to
> >> "underground" security specialists. See for yourself what
> >> the buzz is about!
> >> Early-bird registration ends July 3. This event will sell
> >> out. www.blackhat.com
> >> --------------------------------------------------------------
> >>
> >> -----------------
> >>
> >>
> >
> >
>
>
>
> Concerned about your privacy? Follow this link to get
> FREE encrypted email: https://www.hushmail.com/?l=2
>
> Free, ultra-private instant messaging with Hush Messenger
> https://www.hushmail.com/services.php?subloc=messenger&l=434
>
> Big $$$ to be made with the HushMail Affiliate Program:
> https://www.hushmail.com/about.php?subloc=affiliate&l=427
>
-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
- Previous message: Stephen Samuel: "Re: Recent anti-NIDS Gartner article"
- Maybe in reply to: quakeroats_at_hushmail.com: "Automated IDS Signature Generator?"
- Next in thread: Stefano Zanero: "Re: Automated IDS Signature Generator?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
