Network-based Intrusion Detection & Prevention
Content Leader: Jess Garcia - Last Updated: January 17, 2007
The notes below are intended to help you in your daily traffic analysis. They cover the information most commonly needed in real-life operations, but they are not meant to be a complete reference. A best effort is made to keep them as accurate and up to date as possible.
Tools for helping in the development of signatures:
Universal Pattern Searcher - Looks for common patterns in different datasets
Worminator - Win32 tool that eases and automates the creation of IDS/IPS signatures for SMTP-based worms. It provides a comfortable GUI and supports raw base64 variants and Snort signatures.
Capture File Repositories: