
Snort mailing list archives

Re: flowbits: netsenum
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 30 May 2013 17:52:54 -0400

On May 30, 2013, at 4:05 PM, waldo kitty <wkitty42 () windstream net> wrote:

 the fact that our environment is its own 
distribution and not one of the big name brand ones adds complication to the 
process since they are distributed only in compiled form...

Let me also correct this statement.  We ship the large majority of SO rules in open form (meaning you can compile them 
yourself).  There are very few rules out that are part of our NDA agreement to obfuscate the detection being done 
through an SO.  We've only shipped one obfuscated rule (I think) in the past two years, and that's because it's a zero 
day that we've reported to the vendor.

The vast majority of SO rules you can download the source for (it's included in the tarball) and compile on your own 

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!
