Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] New Proposed Classification.config file setup
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 27 Dec 2010 14:30:00 -0600

On Thu, 2010-12-23 at 17:27 -0500, Joel Esler wrote:
As mentioned earlier, here's the proposed Classification.config file
setup posted and available for download here:


http://blog.snort.org/2010/12/new-proposed-classificationconfig-file.html


Please take a look, leave comments preferably on the blog, but also
here would be fine.  


I think that's way overkill. If you attempt to include all protocols
into a classification system, you'll create more complexity and
potential confusion, making the system less useful. For starters, where
is exploit-pop3? (add your favorite protocol that's not on the list).

Class and subclass concept is fine. We've been using such a
classification in our system for while. However, breaking it out by type
and protocol does not appear to make much sense, at least to me.

I believe a simpler system that doesn't mushroom by the power of 2 would
be more effective and easier to use.

Regards,
Frank


Attachment: signature.asc
Description: This is a digitally signed message part

------------------------------------------------------------------------------
Learn how Oracle Real Application Clusters (RAC) One Node allows customers
to consolidate database storage, standardize their database environment, and, 
should the need arise, upgrade to a full multi-node Oracle RAC database 
without downtime or disruption
http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault