[Snort-sigs] Payload

Andrew Hintz (Drew) drew at ...486...
Wed Feb 26 22:02:12 EST 2003


The best thing I'm aware of is arachNIDS <http://www.whitehats.com/ids/>.
It has packet dumps of many different attacks.  Many of the Snort sigs
reference arachNIDS.

On a side note, bmc has requested pcap for the Snort sigs, but I'm not sure
what he's doing with it or if he has received any submissions
<http://www.snort.org/snort-db/help.html>.

> -----Original Message-----
> From: snort-sigs-admin at lists.sourceforge.net
> [mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of
> Michael.Advani at ...1221...
> Sent: Wednesday, February 26, 2003 7:12 PM
> To: daniel_clemens at ...842...
> Cc: snortmail at ...1322...; snort-sigs at lists.sourceforge.net
> Subject: RE: [Snort-sigs] Payload
>
>
> Correct. Can anyone help?
>
> -----Original Message-----
> From: daniel.clemens
> To: Advani, Michael
> Cc: snortmail at ...1322...; snort-sigs at lists.sourceforge.net
> Sent: 2/26/03 7:07 PM
> Subject: Re: [Snort-sigs] Payload
>
>
> I guess to translate:
>
> Is there a repository of snort sigs alongside the tcpdumps from which the
> sigs were derived.
>
> -Dan
> On Wed, 26 Feb 2003 Michael.Advani at ...1221... wrote:
>
> > Before I can write a rule to catch a particular worm, trojan, exploit, etc,
> > I need to know the packet payload so that I can write up the "content" part
> > of the rule, right? Where can I find all these payloads for different
> > worms, trojans? Is there any particular website archiving all these?
> >
> > Appreciate anyone's feedback on this!
> >
> >
> >
> >
>
> -Daniel Uriah Clemens




