
Thread: Re: Re: typo on Srizbi




Canada
2007-12-13 16:14:27
May I recommend the following in /etc/oinkmaster.conf:

modifysid * "reference:url:" | "reference:url,"

And if you're not using oinkmaster, you should be 

CP

Blake Hartstein wrote:
> Fixed. sorry about that, you might consider upgrading to a newer snort
> version.
> I'll test with 2.6 in the future as well.
> 
> Blake
> 
> 
> Jack Pepper wrote:
>> Quoting Blake Hartstein <urule99gmail.com>:
>>
>>>
>>> #by Joe Stewart from SecureWorks
>>> alert udp $HOME_NET 1024: -> $EXTERNAL_NET 4099 (msg:"BLEEDING-EDGE
>>> TROJAN Srizbi registering with controller"; dsize:20;  content:"|2d|";
>>> offset:6; content:"|2d|"; distance:6; within:1;
>>> classtype:trojan-activity;
>>> reference:url:www.secureworks.com/research/threats/ronpaul; sid:2007706;
>>> rev:1; )
>>
>> "url:"  should be "url,"  .
>>
>> jp
>> Framework?  I don't need no stinking framework!
>>
>>
>> ----------------------------------------------------------------
>> Afferent Security Labs:  Isolate/Insulate/Innovate
>> http://www.afferentsecurity.com
>>
>> _______________________________________________
>> Bleeding-sigs mailing list
>> Bleeding-sigsbleedingthreats.net
>> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
> 
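
Added example, not part of the original thread and not oinkmaster or Snort code: a small Python check that finds malformed reference options such as the "url:" typo discussed above, then applies the substitution the modifysid line expresses. The function names are hypothetical, and the sample rule is constructed by joining the quoted rule onto one line.

```python
import re

# Constructed sample: the rule quoted in the thread (typo included), joined onto one line.
SRIZBI_RULE = (
    'alert udp $HOME_NET 1024: -> $EXTERNAL_NET 4099 '
    '(msg:"BLEEDING-EDGE TROJAN Srizbi registering with controller"; dsize:20; '
    'content:"|2d|"; offset:6; content:"|2d|"; distance:6; within:1; '
    'classtype:trojan-activity; '
    'reference:url:www.secureworks.com/research/threats/ronpaul; sid:2007706; rev:1; )'
)

# A well-formed reference option reads reference:<system>,<id>
REF_OK = re.compile(r'^reference:\s*[\w-]+\s*,\s*\S')


def split_options(rule):
    """Split the parenthesised option list on ';', honouring quotes and backslash escapes."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    opts, cur, in_quote, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == '\\' and i + 1 < len(body):   # keep \" and \; as literal text
            cur.append(body[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:          # end of one option
            opts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    return [o for o in opts if o]


def bad_references(rule):
    """Return reference options that lack the '<system>,<id>' form."""
    return [o for o in split_options(rule)
            if o.startswith('reference:') and not REF_OK.match(o)]


def fix_url_reference(rule):
    """Plain textual substitution, as the modifysid line in the message expresses it."""
    return rule.replace('reference:url:', 'reference:url,')


if __name__ == '__main__':
    print(bad_references(SRIZBI_RULE))
    print(bad_references(fix_url_reference(SRIZBI_RULE)))
```

Running bad_references over a whole rules file before reloading the sensor catches this class of typo before an older Snort version rejects the rule.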
