wow! is there any way to have a smaller list of "active" sigs? (or would that "smaller" list still be too large for most snort installations)?<br><br><br><br><div class="gmail_quote">On Sun, Jan 25, 2009 at 11:38 AM, Josh Smith <span dir="ltr"><<a href="mailto:famousjs@gmail.com">famousjs@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I have been working on converting the PEiD database of binary packer<br>
signatures straight to snort signatures. I've been refining my<br>
signatures with other members from Emerging Threats, and have over<br>
10,000 snort signatures for packers. I was told this may be a good<br>
topic to bring up (binary packer detection) for OISF.<br>
<br>
-Josh<br>
_______________________________________________<br>
Discussion mailing list<br>
<a href="mailto:Discussion@openinfosecfoundation.org">Discussion@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/discussion" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>
</blockquote></div><br>