Re: snort signature analysis tools

• Previous message: Arndt.WA_at_forces.gc.ca: "RE: IDS CISCO alarm"
• In reply to: Scott Kelly: "snort signature analysis tools"
• Next in thread: Scott Kelly: "RE: snort signature analysis tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 7 Jan 2005 09:47:42 -0500
To: "Scott Kelly" <SKelly@facetime.com>

What do you mean by overlaps/collisions? Rules that cover the same
attack, duplicates, rules that will "cover" other rules and prevent
them from firing?

On Jan 4, 2005, at 1:16 PM, Scott Kelly wrote:

> Does anyone know of any tools to analyze a batch of snort signatures
> for
> overlaps/collisions?
>
>
>
> -----------------------------------------------------------------------
> ---
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to
> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> -----------------------------------------------------------------------
> ---
>
>

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

• Previous message: Arndt.WA_at_forces.gc.ca: "RE: IDS CISCO alarm"
• In reply to: Scott Kelly: "snort signature analysis tools"
• Next in thread: Scott Kelly: "RE: snort signature analysis tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Core Impact references ... There are several ways to accomplish what you need within CORE IMPACT. ... > can reduce the chances of the attacks being noticed. ... >>Hackers are concentrating their efforts on attacking applications on ... Check your website for ... (Pen-Test) Re: SSL - Man-in-the-Middle filtering ... spoofed the connection?what IPS will do in tht case?discard the ... If you are looking for attacks against SSL, IPSEC, etc... ... attacks from CORE IMPACT. ... (Focus-IDS) RE: Core Impact references ... Core Impact is amazing; I've used it in the past. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ... (Pen-Test) RE: Comparison Between IDS / IPS Products ... All our reports are freely available on our web site - we have even removed ... All that is missing from the on-line versions are the complete benchmark ... >> attacks from CORE IMPACT. ... (Focus-IDS) Re: Fwd: Solaris 10 x86 HIDS ... > with real-world attacks from CORE IMPACT. ... delivery of this message to an intended recipient), ... (Focus-IDS)