IDS: Announcement: Alert Verification for Snort

From: Christopher Kruegel <chris_at_cs.ucsb.edu>
Date: Tue, 21 Oct 2003 18:16:34 -0700

[Please excuse multiple copies of this message]

Alert Verification is a technique to reduce the large number of false
positives produced by intrusion detection systems such as Snort. The idea
is to actively probe for the vulnerability that is exploited by a certain
detected attack. When the victim is not vulnerable, the alert can be simply
discarded or tagged with a low priority.

William Robertson has implemented an extension for Snort that implements
Alert Verification. Patches for the current version of Snort (2.0.2) and
additional information are available under

http://www.cs.ucsb.edu/~wkr/projects/ids_alert_verification/

Please send any comments or bug reports to

snort-av_at_cs.ucsb.edu

Received on Oct 22 2003
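
The triage step the announcement describes, as an added example that is not part of the original message and not code from the Snort extension: alerts in Snort's "fast" format are re-prioritised according to a verification verdict. The SIDs, addresses, the PROBE_RESULTS table (a constructed stand-in for the active check) and the LOW_PRIORITY value are all assumptions.

```python
import re
from enum import Enum

class Verdict(Enum):
    VULNERABLE = "vulnerable"
    NOT_VULNERABLE = "not vulnerable"
    UNVERIFIED = "unverified"

# Snort "fast" alert line: [gid:sid:rev] msg [**] ... [Priority: n] {proto} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{\w+\} "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed stand-in for the active check: (target, rule SID) -> is the target
# vulnerable to what that rule detects? Absent key = no check exists or no answer.
PROBE_RESULTS = {("198.51.100.5", 1000001): True, ("198.51.100.6", 1000001): False}
LOW_PRIORITY = 4  # assumed tag for alerts verified as harmless

def verify(dst, sid):
    result = PROBE_RESULTS.get((dst, sid))
    if result is None:
        return Verdict.UNVERIFIED
    return Verdict.VULNERABLE if result else Verdict.NOT_VULNERABLE

def triage(lines):
    """Return (sid, dst, priority, verdict) per alert; unparseable lines are skipped."""
    out = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        sid, dst, prio = int(m["sid"]), m["dst"], int(m["prio"])
        verdict = verify(dst, sid)
        # Only a positive "not vulnerable" answer lowers priority; an alert that
        # could not be verified keeps its original priority.
        if verdict is Verdict.NOT_VULNERABLE:
            prio = LOW_PRIORITY
        out.append((sid, dst, prio, verdict))
    return out

# Constructed sample alerts (local-rule SIDs, documentation address ranges).
_FMT = ("10/21-18:16:34.000000  [**] [1:{sid}:1] EXAMPLE exploit attempt [**] "
        "[Classification: Web Application Attack] [Priority: 1] {{TCP}} "
        "192.0.2.10:4312 -> {dst}:80")
SAMPLE = [_FMT.format(sid=1000001, dst=d)
          for d in ("198.51.100.5", "198.51.100.6", "198.51.100.7")]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```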
