|
|
Malware zero day thingy: msg#00164security.ids.snort.sigs
anybody got a good sig at this point? I am thinking something like simply going for any attempt to store payload at something like "C:\WIN"? Lots of false+ on micro$oft updates perhaps? What is the collective wisdom at this point? ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: Rules utilisation: 00164, Byron Copeland |
|---|---|
| Next by Date: | Re: Rules utilisation: 00164, Matt Jonkman |
| Previous by Thread: | Re: Rules utilisationi: 00164, Jason |
| Next by Thread: | Re: Malware zero day thingy: 00164, James Riden |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |