Announcement: Alert Verification for Snort
From: Christopher Kruegel (chris_at_cs.ucsb.edu)
Date: 10/22/03
Date: Tue, 21 Oct 2003 18:16:34 -0700
To: focus-ids@securityfocus.com
[Please excuse multiple copies of this message]
Alert Verification is a technique to reduce the large number of false
positives produced by intrusion detection systems such as Snort. The idea
is to actively probe for the vulnerability that is exploited by a certain
detected attack. When the victim is not vulnerable, the alert can be simply
discarded or tagged with a low priority.
William Robertson has implemented an extension for Snort that implements
Alert Verification. Patches for the current version of Snort (2.0.2) and
additional information are available under
http://www.cs.ucsb.edu/~wkr/projects/ids_alert_verification/
Please send any comments or bug reports to
snort-av@cs.ucsb.edu
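
The triage step the announcement describes (check the target, then keep the alert or tag it with a low priority), as an added example that is not part of the original message and is not the code of the Snort patch. Assumptions: the alert lines, the probe results, the CHECKS table and the LOW_PRIORITY value are constructed for illustration, and a service banner lookup stands in for the active vulnerability probe so the example runs offline.

```python
import re

# Layout of a Snort "fast" alert line (the sample lines below are constructed).
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{\w+\} "
    r"[\d.]+:\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)
LOW_PRIORITY = 4  # assumption: priority used to tag alerts verified as irrelevant

# Hypothetical check table: SID -> predicate over what the probe observed.
# Assumption: a banner match stands in for a real vulnerability probe.
CHECKS = {1002: lambda banner: "microsoft-iis" in banner.lower()}

def verify(line, probe):
    """Return (sid, dst, priority, verdict) for one alert line, or None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None  # not an alert line
    sid, dst, prio = int(m["sid"]), m["dst"], int(m["prio"])
    check = CHECKS.get(sid)
    observed = probe(dst, int(m["dport"])) if check else None
    if check is None or observed is None:
        # No check for this rule, or the probe got no answer: never downgrade.
        return sid, dst, prio, "unverified"
    if check(observed):
        return sid, dst, prio, "relevant"
    return sid, dst, LOW_PRIORITY, "not-vulnerable"

# Constructed sample data: alerts against documentation-range addresses.
_T = ("10/21-18:16:34.000001  [**] [1:{sid}:5] {msg} [**] "
      "[Classification: Web Application Attack] [Priority: 1] "
      "{{TCP}} 192.0.2.10:40112 -> {dst}:80")
SAMPLE_ALERTS = [
    _T.format(sid=1002, msg="WEB-IIS cmd.exe access", dst="198.51.100.5"),
    _T.format(sid=1002, msg="WEB-IIS cmd.exe access", dst="198.51.100.6"),
    _T.format(sid=1002, msg="WEB-IIS cmd.exe access", dst="198.51.100.7"),
    _T.format(sid=9999, msg="constructed rule, no check", dst="198.51.100.5"),
]
SAMPLE_PROBES = {  # constructed probe results; .7 did not answer
    ("198.51.100.5", 80): "Microsoft-IIS/5.0",
    ("198.51.100.6", 80): "Apache/1.3.27",
}

def sample_probe(host, port):
    return SAMPLE_PROBES.get((host, port))

if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        print(verify(line, sample_probe))
```

Only a completed check that comes back negative lowers the priority; an alert with no matching check or no probe answer keeps the priority Snort assigned.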