Re: snort signature analysis tools
From: Martin Roesch (roesch_at_sourcefire.com)
Date: 01/12/05
- Previous message: Mike Barkett: "RE: IPS with no IP address?"
- In reply to: Scott Kelly: "RE: snort signature analysis tools"
- Next in thread: Hazel, Scott A.: "RE: snort signature analysis tools"
Date: Tue, 11 Jan 2005 23:00:40 -0500
To: "Scott Kelly" <SKelly@facetime.com>
Hi Scott,
I don't think there are any tools like that out there currently.
-Marty
On Jan 7, 2005, at 11:48 AM, Scott Kelly wrote:
>> -----Original Message-----
>> From: Martin Roesch [mailto:roesch@sourcefire.com]
>> Sent: Friday, January 07, 2005 6:48 AM
>> To: Scott Kelly
>> Cc: focus-ids@securityfocus.com
>> Subject: Re: snort signature analysis tools
>>
>> What do you mean by overlaps/collisions? Rules that cover the same
>> attack, duplicates, rules that will "cover" other rules and prevent
>> them from firing?
>>
>
> Maybe "intersecting rules" would be a better description. Is there a
> way, given an existing rule set, to determine the uniqueness of a
> proposed rule, to detect (interesting) intersections with other rules?
>
> Thanks,
>
> Scott
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
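
One way to make the "intersecting rules" question from this thread concrete, as an added example that is not part of the original messages and is not a Snort tool: a heuristic check that compares a proposed rule with each rule in an existing set. The sample rules, SIDs and function names are constructed for illustration, and the check assumes literal addresses and ports (no variables or ranges), compares `content` strings case-insensitively, and ignores direction, `pcre`, negated contents and positional modifiers such as `offset` and `depth`.

```python
import re

# Constructed sample rules (not from the thread); SIDs use the local range.
EXISTING = [
    'alert tcp any any -> any 80 (msg:"cmd.exe access"; content:"cmd.exe"; nocase; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"FTP root login"; content:"USER root"; sid:1000002;)',
]
HEADER = re.compile(r'^\w+\s+(\w+)\s+(\S+)\s+(\S+)\s+(?:->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
CONTENT = re.compile(r'(?<!\w)content:\s*"((?:[^"\\]|\\.)*)"')

def parse(rule):
    """Return protocol, address/port fields, lower-cased contents and sid."""
    m = HEADER.match(rule.strip())
    if not m:
        raise ValueError("not a Snort rule: " + rule)
    proto, src, sport, dst, dport, opts = m.groups()
    sid = re.search(r'\bsid:\s*(\d+)', opts)
    return {"proto": proto, "fields": (src, sport, dst, dport),
            "contents": [c.lower() for c in CONTENT.findall(opts)],
            "sid": int(sid.group(1)) if sid else None}

def headers_overlap(a, b):
    """Fields overlap when equal or when either side is the wildcard 'any'."""
    if a["proto"] != b["proto"] and "ip" not in (a["proto"], b["proto"]):
        return False
    return all(x == y or "any" in (x, y) for x, y in zip(a["fields"], b["fields"]))

def implies(a, b):
    """True if a payload matching every content of a also matches every content of b."""
    return all(any(cb in ca for ca in a["contents"]) for cb in b["contents"])

def relate(proposed, existing):
    """Classify the proposed rule against one existing rule, on shared traffic."""
    if not headers_overlap(proposed, existing):
        return "disjoint"
    fwd, back = implies(proposed, existing), implies(existing, proposed)
    if fwd and back:
        return "equivalent"
    if fwd:
        return "covered-by-existing"  # existing also fires wherever proposed does
    if back:
        return "covers-existing"      # proposed also fires wherever existing does
    return "independent"

def check(proposed_text, ruleset=EXISTING):
    """Map each existing sid to its relation with the proposed rule."""
    p = parse(proposed_text)
    return {r["sid"]: relate(p, r) for r in map(parse, ruleset)}

if __name__ == "__main__":
    print(check('alert tcp any any -> any 80 (content:"/scripts/cmd.exe?/c"; sid:1000010;)'))
```

A result of "independent" only means neither rule's contents imply the other's; both rules can still fire on the same packet.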