[Dshield] Sobig watch

Porter, Richard USA rwporter at nps.navy.mil
Sat Aug 23 21:07:19 GMT 2003

The set I just sent out was very generic. Fortunatly I have not had any live sobig hosts on my net, so nothing to capture. Does anyone have a TCPDump of the traffic yet?

	-----Original Message----- 
	From: John D. [mailto:lists at webcrunchers.com] 
	Sent: Fri 8/22/2003 9:10 PM 
	To: General DShield Discussion List 
	Subject: RE: [Dshield] Sobig watch

	>I am not tracking any either.. Stood up a Snort-Box for just this. If I get anything interesting Ill post on Monday...
	What Snort rules are you using?   I've been looking for the latest rules for trapping when it tries to connect to one of the 20 servers.
	list mailing list
	list at dshield.org
	To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list