Re: Vulnerability & Exploit Signatures
From: Joel Esler (eslerj_at_gmail.com)
Date: 06/21/05
- Previous message: David W. Goodrum: "Re: IDS Signature Confidence"
- In reply to: Ofer Shezaf: "RE: Vulnerability & Exploit Signatures"
Date: Tue, 21 Jun 2005 07:15:14 -0400
To: "Ofer Shezaf" <Ofer.Shezaf@breach.com>
Niksun (www.niksun.com) has a certified Snort Rule program.
Joel Esler
On Jun 19, 2005, at 8:22 AM, Ofer Shezaf wrote:
>
>> From: Kelly Dowd [mailto:loris65@gmail.com]
>> Sent: Thursday, June 16, 2005 3:26 PM
>>
>> I doubt there is any licensing of base signatures between vendors
>> (signature engines vary greatly between products, you can't just 'use'
>> another product's sigs). You will find that some developers look at
>> existing signature sets to get 'ideas', but it's far from a
>> one-for-one copy. Companies must develop their own sigs just like
>> they develop their own appliances... it's a total package.
>>
>
> Actually there is a thriving commercial market for signature
> databases. I think that this market is natural due to two reasons:
>
> a. More and more unified boxes do IDS in addition to other features. It
> is very difficult to maintain the IP required for all those features
> and buying the know-how from specialists is a good way to go.
>
> b. Vulnerability based signatures are becoming just one of the
> detection tools in the arsenal of a good intrusion detection system.
> Behavioral technologies, misuse technologies more advanced than
> signatures and positive logic (protocol compliance for example) are
> complementing traditional vulnerability signatures. Again, licensing
> the signatures part of the product is a viable alternative.
>
> ~ Ofer
>
> Ofer Shezaf
> OWASP Israel Chair
> http://www.owasp.org/local/israel.html
>
> CTO, Breach Security
> Phone (US): +1 (760) 268.1924 ext. 702
> Phone (Israel): +972 (9) 956.0036 ext.212
> Cell: +972 (54) 443.1119
> ofers@breach.com
> http://www.breach.com