Re: need your help,thanks

From: Konrad Rieck (rieck_at_first.fhg.de)
Date: 08/31/04

  • Next message: Stefan Keller: "Re: session logging IDS" 
    To: Focus IDS <focus-ids@securityfocus.com>
Date: Tue, 31 Aug 2004 10:15:42 +0200

    On Sun, 2004-08-29 at 18:57, Jose Maria Lopez wrote:
    > Snort used to have a patch that was an anormality detector that could
    > learn from the "normal" traffic in your site and make alerts when
    > "strange" traffic was detected, but I think it didn't work very well
    > because it seems that they have quitted the development.

    The patch is called SPADE/SPICE and was written by SiliconDefense,
    http://tinyurl.com/5nwy7. It's outdated nowadays.

    Regards,
    Konrad 

    -- 
Konrad Rieck <rieck@first.fhg.de>, Fraunhofer FIRST, http://first.fhg.de
PGP Key Fingerprint = 7D55 5896 834A A1C8 303C  8BC5 4C53 3611 C1FA 82F2

  • Next message: Stefan Keller: "Re: session logging IDS"

    Relevant Pages

    • Re: [Full-disclosure] Apache Killer
      ... might help while waiting for a patch. ... you should take care that this rule is very ... However this is certainly not the best possible as I am no Snort rules ...
      (Full-Disclosure)
    • [UNIX] Snort Core Dump Vulnerability
      ... It is possible to cause <http://www.snort.org/> Snort, ... Snort version 1.8 and prior (without the patch) ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • Smoothwall Firewall SNORT buffer overflow
      ... is using a vulnerable version of snort. ... A patch has been released for the stable GPL 1.0 version: ... no patch has been released for the beta version GPL 2.0 Mallard. ... Snort vulnerability reference: ...
      (Bugtraq)