Hosting Provided By

[Snort-sigs] Re: "bad guy" tagging

From: Grudge Mason <grudge_mason(at)hotmail.com>
Date: Thu Jul 17 2003 - 11:25:30 EDT

>Ok, it might not be the most beautiful solution, but putting this standard

Yes it would! (and it already is in some sigs....) Although i think you have got this thing all backwards. What you are asking for will only give the report reader (who may not be that technical) a false sense about what's going on anyway if it's all about "top attackers". Of course the most frequent attackers/attacks are almost always the ***LEAST*** interesting since they are always regular script kiddies or well known worms. So if the purpose of the report is to show some kind of threat level this top attacker stuff is totally useless and will only make the report reader ignore the rest (i.e. the stuff that REALLY matters).
People with clue who read the report will understand that most frequent adresses are not the same as most frequent attackers anyway.

Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail

This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Jul 18 09:30:16 2003

This message: [ Message body ]
Next message: Darryl Davidson: "[Snort-sigs] Documentation: SID 324"
Previous message: Donovan Tyler {tylerd}: "[Snort-sigs] need a packet trace for serv-u/malware ftp session w/o login..."
In reply to Brian: "Re: [Snort-sigs] Re: "bad guy" tagging"
Reply: Martin Olsson: "Re: [Snort-sigs] Re: "bad guy" tagging"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:32 EDT