Snort FAQ

What is a signature?

In the security world, the word signature has been given numerous definitions over the years. For the purposes of this discussion, a signature is defined as any detection method that relies on distinctive marks or characteristics being present in an exploit. These signatures are specifically designed to detect known exploits, because those exploits contain distinctive marks such as ego strings, fixed offsets, debugging information, or any other unique marking that may or may not be related to actually exploiting a vulnerability.

This type of detection is typically classified as day-after detection, because actual public exploits are necessary for it to work. Anti-virus companies use this type of technology to protect their customers from virus outbreaks. As we have seen over the years, this type of protection has only limited capabilities, because the virus has already infected someone before a signature can be written.
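
The definition above, as an added example (not Snort's own code and not part of the original FAQ): a minimal matcher that keys on two distinctive marks, an ego string and a byte marker at a fixed offset. The `Signature` class, the signature contents and the sample payloads are all constructed for illustration; the payloads are inert filler bytes.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    """One distinctive mark: bytes expected in a payload, optionally pinned to a window."""
    name: str
    content: bytes
    offset: int = 0               # where the search window starts
    depth: Optional[int] = None   # window length; None means search to the end

    def matches(self, payload: bytes) -> bool:
        end = len(payload) if self.depth is None else self.offset + self.depth
        return self.content in payload[self.offset:end]


# Constructed signatures for a made-up exploit (hypothetical, not real Snort rules).
SIGNATURES = [
    Signature("ego string", b"pwned-by-example-crew"),
    Signature("fixed-offset marker", b"\xde\xad\xbe\xef", offset=8, depth=4),
]


def detect(payload: bytes) -> List[str]:
    """Return the names of every signature whose mark is present in the payload."""
    return [sig.name for sig in SIGNATURES if sig.matches(payload)]


# Constructed sample payloads.
# The published exploit carries both marks the signatures were written from.
PUBLIC_EXPLOIT = b"A" * 8 + b"\xde\xad\xbe\xef" + b"B" * 16 + b"pwned-by-example-crew"
# A later variant of the same exploit that no longer carries those marks.
LATER_VARIANT = b"A" * 12 + b"\xde\xad\xbe\xef" + b"B" * 16
# Ordinary traffic.
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"


if __name__ == "__main__":
    for label, payload in [("public exploit", PUBLIC_EXPLOIT),
                           ("later variant", LATER_VARIANT),
                           ("benign request", BENIGN)]:
        hits = detect(payload)
        print(f"{label:15} -> {', '.join(hits) if hits else 'no alert'}")
```

The later variant produces no alert because the signatures describe the marks of one published exploit rather than the vulnerability itself, which is why detection only begins after a sample has been seen and a signature written.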