[Discussion] Binary Signature Detection

• Previous message (by thread): [Discussion] Binary Signature Detection
• Next message (by thread): [Discussion] Binary Signature Detection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

wow! is there any way to have a smaller list of "active" sigs? (or would
that "smaller" list still be too large for most snort installations)?



On Sun, Jan 25, 2009 at 11:38 AM, Josh Smith <famousjs at gmail.com> wrote:

> I have been working on converting the PEiD database of binary packer
> signatures straight to snort signatures.  I've been refining my
> signatures with other members from Emerging Threats, and have over
> 10,000 snort signatures for packers.  I was told this may be a good
> topic to bring up (binary packer detection) for OISF.
>
> -Josh
> _______________________________________________
> Discussion mailing list
> Discussion at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20090125/562874bd/attachment-0002.html>

• Previous message (by thread): [Discussion] Binary Signature Detection
• Next message (by thread): [Discussion] Binary Signature Detection
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]