loose IDS collaboration for .EDU's

Jake F Harwood jakef at socrates.Berkeley.EDU
Thu Jul 25 21:28:25 GMT 2002

The Security group at Berkeley has recently setup a loose collaboration 
project with a few security savvy departments on campus to help address 
among other things the limitations of signature based IDS in 

I have found my self drawing a lot from the list to help me come up with 
signatures for snort, and also notice the parallel in attack trends among 
other .EDU's.

And wile I dont feel comfortable sharing my sensor config's with the hole 
group, I would like to see if anyone who runs a snort for an .EDU has an 
interest in also starting a loose collaboration in hopes to produce and 
share signatures and attack treads.

I hope to hear everyones thoughts on this.


Jake F Harwood                         University of California, Berkeley
System & Network Security              2484 Shattuck Avenue
                                                Phone (510)643-8241
                                                Cell  (510)390-2580
"Who is this General Failure and why is he reading my hard drive?" -F

More information about the unisog mailing list