There are over 30000 CVE vulnerability reports. Many IDS/IPS devices
have around 4000-5000 signature rules. My guess is that these
signatures may cover (detect) around 4000-7000 attacks. 23000 to 26000
CVEs, that is, a significant number of CVEs, are not covered by IDS/IPS
devices.

I am guessing that there is a reason for this. IDS/IPS vendors may be
selecting a few CVEs for developing signatures. What are the selection
criteria followed in industry? One criterion I know is that Network
IDS/IPS devices don't need to worry about attacks that can only be
mounted on the local machine, that is, NIDS/NIPS devices only need to
worry about detection of attacks mounted remotely. Are there any other
considerations?

Thanks
Ravi