[Dshield] Sobig watch
Porter, Richard USA
rwporter at nps.navy.mil
Sat Aug 23 21:07:19 GMT 2003
The set I just sent out was very generic. Fortunately I have not had any live sobig hosts on my net, so nothing to capture. Does anyone have a TCPDump of the traffic yet?
From: John D. [mailto:lists at webcrunchers.com]
Sent: Fri 8/22/2003 9:10 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Sobig watch
>I am not tracking any either.. Stood up a Snort-Box for just this. If I get anything interesting I'll post on Monday...
What Snort rules are you using? I've been looking for the latest rules for trapping when it tries to connect to one of the 20 servers.