References
129
Use a number to identify a rule with the help of the sid keyword.
If the vulnerability is known, always use a reference to a URL where more
information can be found using the reference keyword.
Always use the rev keyword in rules to keep a record of different rule versions.
In addition, you should always try to write rules that are generalized and are able
to detect multiple variations of an attack. Usually bad guys use the same tools with little
modifications for different purposes. Good rules can and should be able to detect these
variations.
3.13 References
1. Classless Inter Domain Routing or CIDR. RFC 1519 at http://www.rfc edi
tor.org/rfc/rfc1519.txt
2. Transmission Control Protocol RFC 793 at http://www.rfc editor.org/rfc/
rfc793.txt
3. User Datagram Protocol RFC 768 at http://www.rfc editor.org/rfc/rfc768.txt
4. The nmap at it web site http://www.nmap.org
5. The Internet Protocol RFC 791 at http://www.rfc editor.org/rfc/rfc791.txt
6. The Internet Control Message Protocol at http://www.rfc editor.org/rfc/
rfc792.txt
7. Assigned Numbers RFC 1700 at http://www.rfc editor.org/rfc/rfc1700.txt
8. Oinkmaster at http://www.algonet.se/~nitzer/oinkmaster/
9. Open NMS at http://www.opennms.org
10. Internet Corporation for Assigned Names and Numbers (ICANN) at http://
www.icann.org
11. The arachnids web site at http://www.whitehats.com/info/IDS
12. The securityfocus mailing list archive at http://online.securityfocus.com/
archive/1
footer
Our partners:
PHP: Hypertext Preprocessor Cheap Web Hosting
JSP Web Hosting
Ontario Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Java Hosting
Cheapest Hosting
Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved