You have received this mail because ... we need your help.

Here's the deal. There is not a good reference point for alerts snort keeps popping up in front of people's face. We, the core snort team, are working hard to build the best IDS possible, and this is the next step.

So, if you can help us out, we would be forever greatful. I've built a signature information database, and we need your help to fill in the blanks.

We need you to help research our signatures. We are looking to provide our users with the following information: Summary Impact Detailed Information Attack Scenarios Ease of Attack Recommended Action False Positives False Negatives References

Basicly, what the signature triggers on, why its important, how someone might use this issue to their advantage (aka, to dos a system, exploit it), what someone might do to mitigate this problem, how this may false, and any additional references to what references we already have.

Here is the deal, attached is our template for the data that we are looking for. Research the information required by the template and email it to snort-sigs@lists.sourceforge.net. One of the snort core developers will add it into the database.

There are a few requirements for the information that we include in our database. It must be ORIGINAL CONTENT. Do not cut and paste someone elses work. Paraphrasing is good, referencing is ok. Just don't violate someone's copyright and all will be ok. If you are unsure of some part of the rule, include that as a commentary and someone else perhaps will be able to fix it.

Also, We are also looking for pcap for each of the signatures. If you have raw tcpdump capture of these signatures, please send them to to be included in the database.

Visit http://www.snort.org/pub-bin/needed.cgi for a list of the signatures that do not have a completed entry.

Please check http://www.snort.org/snort-db/ for more information.