[Dshield] Sobig watch

Porter, Richard USA rwporter at nps.navy.mil
Sat Aug 23 21:07:19 GMT 2003


The set I just sent out was very generic. Fortunatly I have not had any live sobig hosts on my net, so nothing to capture. Does anyone have a TCPDump of the traffic yet?
 
Rich

	-----Original Message----- 
	From: John D. [mailto:lists at webcrunchers.com] 
	Sent: Fri 8/22/2003 9:10 PM 
	To: General DShield Discussion List 
	Cc: 
	Subject: RE: [Dshield] Sobig watch
	
	

	>I am not tracking any either.. Stood up a Snort-Box for just this. If I get anything interesting Ill post on Monday...
	
	What Snort rules are you using?   I've been looking for the latest rules for trapping when it tries to connect to one of the 20 servers.
	
	John
	
	
	_______________________________________________
	list mailing list
	list at dshield.org
	To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
	



More information about the list mailing list