[Snort-sigs] Payload

Michael.Advani at ...1221... Michael.Advani at ...1221...
Wed Feb 26 17:13:03 EST 2003


Correct. Can anyone help ? 

-----Original Message-----
From: daniel.clemens
To: Advani, Michael
Cc: snortmail at ...1322...; snort-sigs at lists.sourceforge.net
Sent: 2/26/03 7:07 PM
Subject: Re: [Snort-sigs] Payload


I guess to translate:

Is there a repository of snort sigs along side the tcpdumps from which
the
sigs derived from.

-Dan
On Wed, 26 Feb 2003 Michael.Advani at ...1221... wrote:

> Before I can write a rule to catch a particular worm, trojan, exploit,
etc,
> I need to know the packet payload so that I can write up the "content"
part
> of the rule, right ? Where can I find all these payloads for different
> worms, trojans ? Is there any particular website archiving all these ?
>
> Appreciate anyone's feedback on this!
>
>
>
------------------------------------------------------------------------
-----
> The information in this Internet email is confidential and may be
legally
> privileged. It is intended solely for the addressee. Access to this
Internet
> email by anyone else is unauthorised.
>
> If you are not the intended recipient, any disclosure, copying,
distribution
> or any action taken or omitted to be taken in reliance on it, is
prohibited
> and may be unlawful. When addressed to our clients any opinions or
advice
> contained in this Internet email are subject to the terms and
conditions
> expressed in any applicable governing ING's terms of business or
> client engagement letter.
>
> Visit us at www.ing.com
>
------------------------------------------------------------------------
-----
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Scholarships for Techies!
> Can't afford IT training? All 2003 ictp students receive scholarships.
> Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> www.ictp.com/training/sourceforge.asp
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>

-Daniel Uriah Clemens
------------------------------------------------------------------------
-------------------------------------
Esse quam videra
    		(to be, rather than to appear)
http://www.birmingham-infragard.org   | 2053284200 | 877.806.8928
------------------------------------------------------------------------
--------------------------------------




More information about the Snort-sigs mailing list