From: Brian (bmcsnort.org)
Date: Sat Jan 19 2002 - 17:55:28 CST

    You have received this mail because ... we need your help.

    Here's the deal. There is not a good reference point for alerts snort
    keeps popping up in front of people's face. We, the core snort team, are
    working hard to build the best IDS possible, and this is the next step.

    So, if you can help us out, we would be forever grateful. I've built a
    signature information database, and we need your help to fill in the blanks.

    We need you to help research our signatures. We are looking to provide our
    users with the following information:

       Summary                 Impact
       Detailed Information    Attack Scenarios
       Ease of Attack          Recommended Action
       False Positives         False Negatives
       References

    Basically, what the signature triggers on, why it's important, how someone
    might use this issue to their advantage (aka, to dos a system, exploit
    it), what someone might do to mitigate this problem, how this may false,
    and any additional references to what references we already have.

    Here is the deal, attached is our template for the data that we are looking
    for. Research the information required by the template and email it to
    snort-sigslists.sourceforge.net. One of the snort core developers will
    add it into the database.

    There are a few requirements for the information that we include in our
    database. The information must be ORIGINAL CONTENT. Do not cut and paste
    someone else's work. Paraphrasing is good, referencing is ok. Just don't
    violate someone's copyright and all will be ok. If you are unsure of some
    part of the rule, include that as a commentary and someone else perhaps will
    be able to fix it.

    Also, we are looking for pcaps for each of the signatures. If you have
    raw tcpdump captures of these signatures, please send them to <bmcsnort.org>
    to be included in the database.

    Visit http://www.snort.org/snort-db/unfinished.html for a list of the
    signatures that do not have a completed entry.

    Please check http://www.snort.org/snort-db/ for more information.

    This is a time consuming effort, but it will be worth it.

    Thanks,
    Brian

    --
    Brian Caswell
    Snort Signature Nazi