Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Location For (Bleeding-Edge) Snort Sigs

Posted by timothy on from the because-malware-sucks dept.

Vantage writes "A few of us have gotten together and built a snort 'signature repository.' ... This is a place for everyone to post their personal and company-made signatures and to take a look at and use those submitted by others. It is by no means a replacement for the snort.org signature base, but it will help to get signatures out there for brand new vulnerabilities. We are hoping that those snort users in the /. community will add there sigs to this database. We are looking to add any and all signatures herem so please feel free to post all of your sigs."

2 of 26 comments (clear)

  1. phpBB2? by Ianoo · · Score: 2, Interesting

    That's like, what, a five click install process? No offense, but it doesn't strike me as the ideal software for doing this, let alone hard to set up. You haven't even customised it. You haven't even bought a domain name for this site. It's an interesting idea, but you really need to work on your web marketing skills. But it won't matter, since on a shared server with a MySQL backend I expect the site will be /.ed in about T-minus five minutes.

  2. Re: Snort rules by Vantage · · Score: 2, Interesting

    If you like submit the update utility... I use oinkmaster and have had good luck but if someone has another option... it would be interesting to look at.

    As for the reasoning behind this. I have debated this with dozens of people in the last week. Snort.org and the sourceforge snort list are great resources.. but few people submit things that they think are only good for there INTERNAL use and nothing makes it into the signature-base until it gets approved... in my instalation and in others there is a need for a good source of sigs for exploits that have JUST been released. Snort.org doesnt want to, and I agree with them, start releasing untested signatures... They do an increadable job. I, and several others, wanted a place we could put our signatures for brand new stuff. so we each didnt have to write a new signature while we were waiting for the "official" sig to be released into the snort sig-base. This place give us a place to submit our sigs and use each others and it allows us to cut down on the maintenance time that we spend on our snort installs. It is a usefull place for us and I hope it becomes a usefull place for others in our situation.

    As for your rules being uninteresting... I bet there is someone out there that would find them handy... Its not like it is hard to post them... and maybe someone can use them... I say post what you have... it cant hurt and it might help someone out!!