Re: [Emerging-Sigs] Reliability of signatures

[Seth Hall <seth () remor com>]

On Feb 11, 2011, at 10:08 AM, Matt Olney wrote:

> There is not a better solution for detecting the delivery of exploits, that is the job of an IDS.  SPAM can lead you 
> to an attack, or to a longer *****, but it isn't, in itself an attack.

I never claimed that it was an attack, I only responded to your statement that "spam isn't an IDS issue".

> I agree there is a ton of metadata on the network that is incredibly useful both for correlation and forensics (see 
> intel nuggets on Razorback).  

What I've noticed though is that frequently tools don't make the right information available at the right time and the 
right place.  Where can I read more about what intel nuggets are?

  .Seth
------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users