Re: Vulnerability & Exploit Signatures
From: M. Dodge Mumford (dodge_at_nfr.net)
Date: 06/16/05
- Previous message: snort user: "Re: Snort & iptables on the same box"
- In reply to: Jackson Yu: "Vulnerability & Exploit Signatures"
- Next in thread: Kyle Quest: "RE: Vulnerability & Exploit Signatures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 Jun 2005 10:39:50 -0400
To: Jackson Yu <jackson.yu@earthlink.net>
Jackson Yu said:
> Do all these vendors license the same set of "base" filters from, say,
> Sourcefire / Snort derived rule source in the back? Is there a
> commonality there? At the end of the day, can I say that "Gee, most
> vendors' base set of 1500 IPS signatures are the same, it's just the 300 or
> so that the vendors have additionally developed on top of that 1500 that
> are different!"
That's an interesting question that, as a vendor, I'm very interested in
seeing the answers to. I write N-Code for NFR, and while we use all
available public sources of information we can get about how to detect
vulnerabilities, all of our code to actually perform detection has been
completely written from scratch in-house. When purchased, the N-Code that
does the detection is viewable in source code so that when we trigger
alerts, it is possible to determine precisely what caused the alert to
trigger. For those who learn to at least read N-Code anyway. :-)
-- Dodge