List: emerging-sigs
Subject: [Emerging-Sigs] empty botcc group breaks snort
From: jonkman () jonkmans ! com (Matt Jonkman)
Date: 2008-02-17 14:43:11
Message-ID: 47B847FF.2020705 () jonkmans ! com
Fixed up. Sorry about that.
Sleddens, J.P.G. wrote:
> Hi!,
>
> Tonight with the update an empty botcc group sneaked into the ET rules (bleeding-botcc.rules & bleeding-botcc-BLOCK.rules), it's the last one in the ruleset:
> alert ip $HOME_NET any -> [] any (msg:"ET DROP Known Bot C&C Server Traffic (group 18) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404017; rev:1072;)
> Jeffry Sleddens
> Rotterdam University
>
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
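
A pre-load check for the failure reported in this thread, as an added example that is not part of the original messages or of the Emerging Threats tooling: it scans rule text for an empty list (`[]`) in any address or port field of the rule header and reports the line and sid. The function names and the two populated rules are constructed for illustration (192.0.2.x are documentation addresses), and it assumes one rule per line with no backslash continuations.

```python
import re

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def header_fields(header):
    """Split a rule header on whitespace, keeping a bracketed list as one field."""
    fields, cur, depth = [], "", 0
    for ch in header:
        depth += (ch == "[") - (ch == "]")
        if ch.isspace() and depth == 0:
            if cur:
                fields.append(cur)
            cur = ""
        elif not ch.isspace():  # whitespace inside brackets is dropped
            cur += ch
    return fields + ([cur] if cur else [])

def find_empty_groups(rules_text):
    """Return (line_no, sid, field) for every header field containing an empty list."""
    names = ("src_addr", "src_port", "dst_addr", "dst_port")
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line:
            continue
        header, options = line.split("(", 1)
        f = header_fields(header)
        if len(f) != 7:  # action proto src sport dir dst dport
            continue     # anything else is out of scope for this check
        sid = SID_RE.search(options)
        for name, value in zip(names, (f[2], f[3], f[5], f[6])):
            if "[]" in value:
                findings.append((no, sid.group(1) if sid else None, name))
    return findings

# Constructed sample; line 3 is the rule quoted in the thread.
SAMPLE = """\
# constructed sample rules file
alert ip $HOME_NET any -> [192.0.2.10,192.0.2.11] any (msg:"constructed populated group"; sid:1000001; rev:1;)
alert ip $HOME_NET any -> [] any (msg:"ET DROP Known Bot C&C Server Traffic (group 18) "; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 3600, count 1; classtype:trojan-activity; sid:2404017; rev:1072;)
alert tcp $HOME_NET any -> [192.0.2.20, [ ]] 80 (msg:"constructed nested empty list"; sid:1000002; rev:1;)
"""

if __name__ == "__main__":
    for no, sid, field in find_empty_groups(SAMPLE):
        print(f"line {no}: sid {sid} has an empty list in {field}")
```

Run against a freshly downloaded rules file before swapping it into the sensor's rule path, and keep the previous file in place if anything is reported.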