[Dshield] Mpack Snort Sigs?
Tomas L. Byrnes
tomb at byrneit.net
Tue Jun 19 02:56:45 GMT 2007
On a similar note, does anyone have a list of the seed sites? We could
propagate them as an emergency block list in ThreatSTOP basic.
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Brian Varine
> Sent: Monday, June 18, 2007 5:34 PM
> To: General DShield Discussion List
> Subject: [Dshield] Mpack Snort Sigs?
>
> There was a pretty good write up in todays handlers diary
> about Mpack. Has anyone written good Snort sigs for this
> exploit? So far we've put one in to flag any downloads of
> o7.php, any other successful sigs?
>
> http://isc.sans.org/diary.html
> http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/
> 11/MPack.pdf
>
>
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC. 56
> courses, SANS top instructors, and a great tools and
> solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>
More information about the list
mailing list