[unisog] Snort signatures for detecting W32.Nugache.A@mm
Brian Eckman
eckman at umn.edu
Mon May 1 22:27:46 GMT 2006
Brian Eckman wrote:
> I just submitted these to Bleeding Snort as a potential update to a very
> simple Snort rule that they are distributing. Thanks to Josh Ballard of
> KSU for the protocol analysis.
<snip>
After a discussion with a couple of Bleeding Snort admins, I endorse the
newest rev of the Bleeding Snort rule for Nugache:
http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_P2P_Bots?rev=1.10&view=markup
If you know you aren't doing stream reassembly on tcp/8, the rules I
posted might work better for you.
Thanks,
Brian
--
Brian Eckman
Security Analyst
OIT Security and Assurance
University of Minnesota