Re: Vulnerability & Exploit Signatures

From: MadHat (madhat_at_unspecific.com)
Date: 06/16/05

  • Next message: Stefano Zanero: "Wireless Intrusion Detection"
    Date: Thu, 16 Jun 2005 12:46:40 -0500
    To: Kelly Dowd <loris65@gmail.com>

    On Jun 16, 2005, at 7:25 AM, Kelly Dowd wrote:
    > I doubt there is any licensing of base signatures between vendors
    > (signature engines vary greatly between products, you can't just 'use'
    > another product's sigs). You will find that some developers look at
    > existing signature sets to get 'ideas', but it's far from a
    > one-for-one copy. Companies must develop their own sigs just like
    > they develop their own appliances... it's a total package.

    I think he might have meant signature data. Like, does every vendor
    research every attack and vulnerability to create every signature, or
    is there a company that sells the data to allow you to create your
    own signatures based on someone else's research?

    >
    > -Kelly D.
    >
    > On 6/14/05, Jackson Yu <jackson.yu@earthlink.net> wrote:
    >
    >> Hi, I'm new to this list, so please bear with my question:
    >>
    >> ASIC/FPGA/Software/detection techniques aside, I sense that a huge
    >> value of IPS vendors are the lab-type organizations that are constantly
    >> developing new filters in response to new vulnerabilities and exploits.
    >> However, there's no way that such vendors can "hit the market", if you
    >> will, with 2000+ filters out on day one.
    >>
    >> Do all these vendors license the same set of "base" filters from, say,
    >> Sourcefire / Snort derived rule source in the back? Is there a
    >> commonality there? At the end of the day, can I say that "Gee,
    >> most vendors' base set of 1500 IPS signatures are the same, it's
    >> just the 300 or so that the vendors have additionally developed on
    >> top of that 1500 that are different!"
    >>
    >> Thanks
    >>
    >> Jackson
    >>
    >> -------------------------------------------------------------------------
    >> Test Your IDS
    >>
    >> Is your IDS deployed correctly?
    >> Find out quickly and easily by testing it with real-world attacks from
    >> CORE IMPACT.
    >> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    >> to learn more.
    >> -------------------------------------------------------------------------
