There are some projects based on honeypots that try to generate signatures for IDS in an automatic way.
Check it!

Regards

On Sun, May 20, 2007 at 12:54:31PM +0200, Sanjay R wrote:
> Hi List:
> There have been few studies to propose the automatic generation for
> misuse based IDS, like snort (in fact, it is the hot area of research
> among IDS researchers). Suddenly, it came into my mind, whether it is
> feasible to generate (good) signatures for all types of attack in an
> automatic way (in a black-box environment, where we don't have the
> source code of the vulnerable application)? Perhaps it is easy
> (relatively) to automatically generate signatures for flooding types of
> attacks. The main cause of my doubt is the observation that it is not
> feasible to generate attacks automatically. Usually, an attacker spends
> hours to analyze the application and then writes an exploit. We don't
> have any tool that takes, as an input, the application to be
> exploited, and gives us a working exploit (of course, Metasploit
> helps us to create an exploit). Therefore, the early thought that comes
> into my mind is "creating an automated signature generation tool is as
> difficult as creating an automated attack generation tool". I would
> like to know your opinion on this.
>
> -Sanjay
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
>
> to learn more.
> ------------------------------------------------------------------------

--
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí
Public key at http://www.honeynet.org.mx
Public key at http://ardilla.zapto.org
Ask Google Earth where I am: http://ardilla.zapto.org/ubicaHugo.kml
-------------------------------------------
Education is what remains after one has forgotten what one has learned in school.
Albert Einstein
-------------------------------------------
