Re: Automated IDS Signature Generator?

>Is there a utility/function/program that automatically generates an IDS
>signature based on a recording of a monitored exploit attempt? For
That's a joke, right? :-) I suspect that is provably impossible especially if you will include application exploits and various configuration abuses.

The obvious questions are, how would thus "utility" know... 1....what part of the whole network traffic session is indeed malicious (is that the first SYN or what?)
2. ...what part of the malicious traffic session to use for the signature?
3. ...what part will be repeated in the subsequent attacks?

I am sure there are more questions pending.

Think about it, there is not even a good GUIDE on how to program a HUMAN to do the above task...

Best,

-- 
  Anton A. Chuvakin, Ph.D., GCI*
     
http://www.chuvakin.org
   
http://www.info-secure.org


-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------