[Intrusions] Assessing Your Malware Exposure with Snort

Cory.Bys at fbol.com Cory.Bys at fbol.com
Tue Feb 15 16:39:21 GMT 2005


I have written a few thousand Snort rules that are intended to detect
successful HTTP communication with hosts known to be evil. They look for
domain names in the Host string so they are not subject to evasion by
changing IP addresses.

If you would like to give them a try you can grab them from
http://www.kgb.to/malware.html .
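
An added illustration of the Host-header approach described above (not part of the original post and not taken from the author's rule set): the Python below generates one Snort rule per blocklisted domain and emulates the content match against constructed requests, showing that the match follows the domain across destination IPs. The rule layout, SIDs, domains and IP addresses are all assumptions made for this example.

```python
import re

# Constructed blocklist using reserved names (not domains from the post's rule set).
BLOCKLIST = ["bad-updates.example", "tracker.malware.test"]

def snort_rule(domain: str, sid: int) -> str:
    """Build one Snort rule keyed on the HTTP Host header (assumed rule layout)."""
    domain = domain.strip().lower()
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
        raise ValueError(f"refusing to embed unsafe domain: {domain!r}")
    # |3a| is ':' written as hex, as Snort rules conventionally do; the trailing
    # CRLF stops the pattern from also firing on longer names like <domain>.org.
    return (
        "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS "
        f'(msg:"MALWARE Host header {domain}"; flow:to_server,established; '
        f'content:"Host|3a| {domain}|0d 0a|"; nocase; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )

def host_matches(payload: bytes, domain: str) -> bool:
    """Emulate the rule's case-insensitive content match on a request payload."""
    # Literal match: assumes exactly one space after "Host:" and no port suffix.
    return f"host: {domain}\r\n".encode() in payload.lower()

# Constructed requests: (destination IP, client payload). IPs are documentation ranges.
SAMPLES = [
    ("192.0.2.10", b"GET /a HTTP/1.1\r\nHost: bad-updates.example\r\n\r\n"),
    ("198.51.100.7", b"GET /a HTTP/1.1\r\nHOST: Bad-Updates.example\r\n\r\n"),  # host moved IP
    ("203.0.113.5", b"GET / HTTP/1.1\r\nHost: bad-updates.example.org\r\n\r\n"),  # lookalike
    ("192.0.2.10", b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),  # shared IP, benign
]

def alerts(samples, blocklist):
    """Return (destination IP, domain) for every request a generated rule would flag."""
    return [(ip, d) for ip, payload in samples for d in blocklist
            if host_matches(payload, d)]

if __name__ == "__main__":
    for sid, domain in enumerate(BLOCKLIST, start=1000001):  # local-use SID range
        print(snort_rule(domain, sid))
    for ip, domain in alerts(SAMPLES, BLOCKLIST):
        print(f"alert: {domain} requested at {ip}")
```

The fourth sample shows the other side of the trade-off: an IP-based rule for 192.0.2.10 would flag the benign virtual host on that address, while the Host match does not.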