[Dshield] Mpack Snort Sigs?

Tomas L. Byrnes tomb at byrneit.net
Tue Jun 19 02:56:45 GMT 2007


On a similar note, does anyone have a list of the seed sites? We could
propagate them as an emergency block list in ThreatSTOP basic.

 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Brian Varine
> Sent: Monday, June 18, 2007 5:34 PM
> To: General DShield Discussion List
> Subject: [Dshield] Mpack Snort Sigs?
> 
> There was a pretty good write up in todays handlers diary 
> about Mpack. Has anyone written good Snort sigs for this 
> exploit? So far we've put one in to flag any downloads of 
> o7.php, any other successful sigs?
> 
> http://isc.sans.org/diary.html
> http://blogs.pandasoftware.com/blogs/images/PandaLabs/2007/05/
> 11/MPack.pdf
> 
> 
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 
> courses, SANS top instructors, and a great tools and 
> solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
> 



More information about the list mailing list