Re: [Snort-users] Team0x42 Snort rules
This is a discussion on Re: [Snort-users] Team0x42 Snort rules within the Snort forums, part of the System Security and Security Related category; On 4/7/08 5:01 PM, "TheWell" <TheWell@team0x42.homeunix.org> wrote: > Some good ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-08-2008
|
|||
|
|||
Re: [Snort-users] Team0x42 Snort rules
On 4/7/08 5:01 PM, "TheWell" <TheWell@team0x42.homeunix.org> wrote:
> Some good snort rules by Team0x42 > Shellcode detection, Web attack detection, DoS detection and web-misc rules > You can download the rule set from: > http://team0x42.homeunix.org/projects.html Thanks for the effort to write and share your rules. Honestly though, they do need a little work. Your best bet is to join the snort-sigs mailing list and submit your efforts there. It is the best place to get constructive and useful feedback on your rules. We are always happy to help people who listen and make the effort to produce good work. Take note of the comments in this thread about the encoding of shellcode and reducing the number of rules by using a modification to your pcre options. It would also help people to know what version(s) of snort you tested your rules against. Cross-posting this to snort-sigs so that the discussion might continue there. -- Nigel Houghton Resident Hooligan SF VRT ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Register now and save $200. Hurry, offer ends at 11:59 p.m., Monday, April 7! Use priority code J8TLD2. http://ad.doubleclick.net/clk;198757...un.com/javaone _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
