Vulnerability & Exploit Signatures

• Previous message: David Kee: "RE: on NIDS/NIPS tuning"
• Next in thread: dgr8hunt: "Re: Vulnerability & Exploit Signatures"
• Reply: dgr8hunt: "Re: Vulnerability & Exploit Signatures"
• Reply: Kelly Dowd: "Re: Vulnerability & Exploit Signatures"
• Reply: M. Dodge Mumford: "Re: Vulnerability & Exploit Signatures"
• Maybe reply: Kyle Quest: "RE: Vulnerability & Exploit Signatures"
• Maybe reply: Marc Maiffret: "RE: Vulnerability & Exploit Signatures"
• Maybe reply: Ofer Shezaf: "RE: Vulnerability & Exploit Signatures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 14 Jun 2005 14:15:44 -0700 (GMT-07:00)
To: focus-ids@securityfocus.com

Hi, I'm new to this list, so please bear with my question:

ASIC/FPGA/Software/detection techniques aside, I sense that a huge value of IPS
vendors are the lab-type organizations that are constantly developing new filters
in response to new vulnerabilities and exploits. However, there's no way that such
vendors can "hit the market" if you will with 2000+ filters out on day
one.

Do all these vendors license the same set of "base" filters from, say,
Sourcefire / Snort derived rule source in the back? Is there a commonality there? At the end of the day, can I say that "Gee, most vendors' base set of 1500 IPS signatures are the same, its just the 300 or so that the vendors have additionally developed on top of that 1500 that are different!"

Thanks

Jackson

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

• Previous message: David Kee: "RE: on NIDS/NIPS tuning"
• Next in thread: dgr8hunt: "Re: Vulnerability & Exploit Signatures"
• Reply: dgr8hunt: "Re: Vulnerability & Exploit Signatures"
• Reply: Kelly Dowd: "Re: Vulnerability & Exploit Signatures"
• Reply: M. Dodge Mumford: "Re: Vulnerability & Exploit Signatures"
• Maybe reply: Kyle Quest: "RE: Vulnerability & Exploit Signatures"
• Maybe reply: Marc Maiffret: "RE: Vulnerability & Exploit Signatures"
• Maybe reply: Ofer Shezaf: "RE: Vulnerability & Exploit Signatures"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]