Focus on IDS
CVE selection for IDS/IPS signature rules May 29 2008 05:32AM
Ravi Chunduru (ravi is chunduru gmail com) (2 replies)
Re: CVE selection for IDS/IPS signature rules Jun 03 2008 05:43PM
Enigma (enigma security-fu com) (2 replies)
RE: CVE selection for IDS/IPS signature rules Jun 03 2008 06:42PM
Dimitris Patsos (dpat space gr)
Re: CVE selection for IDS/IPS signature rules Jun 03 2008 06:40PM
Leon Ward (seclists rm-rf co uk) (1 replies)
Re: CVE selection for IDS/IPS signature rules Jun 03 2008 07:00PM
Enigma (enigma security-fu com) (1 replies)
Re: CVE selection for IDS/IPS signature rules Jun 05 2008 03:09PM
Joel Esler (joel esler mac com)

On Jun 3, 2008, at 3:00 PM, Enigma wrote:

> This is a little off topic. Not knocking Sourcefire or VRT (3D is
> great and I use the VRT sigs all the time) but I have found these
> types of signatures to have the highest rate of false positives.
> Don't get me wrong, these are useful when there isn't anything else
> but signatures developed from public or at least seen-in-the-wild
> exploits are much more accurate.

I know that Sourcefire has a great false positive reporting method for
rules. Pcaps are needed.

--
Joel Esler
 joel.esler (at) mac (dot) com
 http://blog.joelesler.net

Re: CVE selection for IDS/IPS signature rules May 29 2008 06:35PM
Ron Gula (rgula tenablesecurity com) (1 replies)
RE: CVE selection for IDS/IPS signature rules Jun 02 2008 06:33PM
Srinivasa Addepalli (srao intoto com)


 

Copyright 2010, SecurityFocus