List: wireshark-users
Subject: Re: [Wireshark-users] Need filters
From: "David H. Lipman" <DLipman () Verizon ! Net>
Date: 2010-06-27 18:06:07
Message-ID: i083un$2qh$1 () dough ! gmane ! org
From: "M K" <gedropi@gmail.com>
| Exactly. Thanks.
| On 6/22/10, bart sikkes <b.sikkes@gmail.com> wrote:
>>> Thanx!
>>> I passed on your comment. Maybe what I should do next is point him to
>>> this News group.
>> and what if the malware uses the port(s) you are going to exclude?
>> especially with malware I would be careful with what you call noise,
>> that noise can be used to hide the malware.
After examining much malware, you get a feel for what is noise (background MS OS
communication) and the malware performing such tasks as: exfiltration of data,
communicating to a C2, worms trying dictionary attacks, sending SQL Injection packets, etc.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp