With the exception of a select few, all Cisco IPS signatures are open, and can be cloned, edited, added-to, or edited. Signatures are stored in an XML format inside the .pkg file which is applied to a Cisco IPS sensor.

Gary

-----Original Message-----
From: Richard Bejtlich [mailto:[EMAIL PROTECTED]
Sent: Monday, April 10, 2006 1:31 PM
To: Andrew Plato
Cc: [email protected]
Subject: Re: IDS vs. IPS deployment feedback

On 4/10/06, Andrew Plato <[EMAIL PROTECTED]> wrote:
> Yes...SOURCEFIRE customers get those signatures early. They get handed
> out to the Snort world well after the fact. SourceFire is a commercial
> company and you must PAY to get their product.
>
> In other words - Sourcefire is no different than TP, ISS or any other
> commercial vendor in this regard. As such, we're all just selling what
> we know.

Andrew,

You call five days "well after the fact"? Snort rules are free for registered users, by the way.

Here's another difference between ISS and Snort -- I can read Snort rules, even those developed by Sourcefire. Can you point me to the place where I can download and review ISS rules, even assuming I am a registered owner? Cisco? Other?

One of the ways to build trust in a product is to see how it works. I trust Snort more than similar products because I can understand its decision-making process.

Richard
