List:       bleeding-sigs
Subject:    Re: [Bleeding-sigs] Re: typo on Srizbi
From:       CunningPike <cunningpike () gmail ! com>
Date:       2007-12-13 22:14:27
Message-ID: 4761AEC3.3090100 () gmail ! com

May I recommend the following in /etc/oinkmaster.conf:

modifysid * "reference:url:" | "reference:url,"

And if you're not using oinkmaster, you should be :-)

CP

Blake Hartstein wrote:
> Fixed. Sorry about that, you might consider upgrading to a newer Snort
> version.
> I'll test with 2.6 in the future as well.
> 
> Blake
> 
> 
> Jack Pepper wrote:
>> Quoting Blake Hartstein <urule99@gmail.com>:
>>
>>>
>>> #by Joe Stewart from SecureWorks
>>> alert udp $HOME_NET 1024: -> $EXTERNAL_NET 4099 (msg:"BLEEDING-EDGE
>>> TROJAN Srizbi registering with controller"; dsize:20;  content:"|2d|";
>>> offset:6; content:"|2d|"; distance:6;  within:1;
>>> classtype:trojan-activity;
>>> reference:url:www.secureworks.com/research/threats/ronpaul; sid:2007706;
>>> rev:1; )
>>
>> "url:"  should be "url,"  .
>>
>> jp
>> Framework?  I don't need no stinking framework!
>>
>> ----------------------------------------------------------------
>> @fferent Security Labs:  Isolate/Insulate/Innovate
>> http://www.afferentsecurity.com
>>
>> _______________________________________________
>> Bleeding-sigs mailing list
>> Bleeding-sigs@bleedingthreats.net
>> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
> 
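An added example, not part of the original message or of oinkmaster: a Python check that finds `reference` options that are not in the `reference:<system>,<id>` form and applies the same literal substitution as the modifysid line above. The function names are hypothetical, the check tests only the shape of the value, and the sample rule is the one quoted in this thread with the mail wrapping removed.

```python
import re

# The rule quoted in this thread, re-joined onto one line (mail wrapping removed).
RULE = ('alert udp $HOME_NET 1024: -> $EXTERNAL_NET 4099 (msg:"BLEEDING-EDGE '
        'TROJAN Srizbi registering with controller"; dsize:20;  content:"|2d|"; '
        'offset:6; content:"|2d|"; distance:6;  within:1; '
        'classtype:trojan-activity; '
        'reference:url:www.secureworks.com/research/threats/ronpaul; '
        'sid:2007706; rev:1; )')

# Shape check only: "<system>,<id>". Does not verify the system name is configured.
REF_SHAPE = re.compile(r'^[A-Za-z0-9_.-]+,\s*\S+$')

def split_options(rule):
    """Split the (...) body on ';', ignoring ';' that is quoted or escaped."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    opts, cur, in_quote, i = [], '', False, 0
    while i < len(body):
        ch = body[i]
        if ch == '\\' and i + 1 < len(body):   # keep escaped char as-is
            cur += body[i:i + 2]
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            if cur.strip():
                opts.append(cur.strip())
            cur = ''
        else:
            cur += ch
        i += 1
    if cur.strip():                            # option without trailing ';'
        opts.append(cur.strip())
    return opts

def malformed_references(rule):
    """Return reference option values that are not '<system>,<id>'."""
    bad = []
    for opt in split_options(rule):
        name, _, value = opt.partition(':')
        if name.strip() == 'reference' and not REF_SHAPE.match(value.strip()):
            bad.append(value.strip())
    return bad

def fix_url_reference(rule):
    """Same literal substitution as the oinkmaster modifysid line."""
    return rule.replace('reference:url:', 'reference:url,')
```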