[Snort-sigs] Payload

daniel.clemens daniel_clemens at ...842...
Thu Feb 27 06:13:05 EST 2003


I guess to translate:

Is there a repository of snort sigs along side the tcpdumps from which the
sigs derived from.

-Dan
On Wed, 26 Feb 2003 Michael.Advani at ...1221... wrote:

> Before I can write a rule to catch a particular worm, trojan, exploit, etc,
> I need to know the packet payload so that I can write up the "content" part
> of the rule, right ? Where can I find all these payloads for different
> worms, trojans ? Is there any particular website archiving all these ?
>
> Appreciate anyone's feedback on this!
>
>
> -----------------------------------------------------------------------------
> The information in this Internet email is confidential and may be legally
> privileged. It is intended solely for the addressee. Access to this Internet
> email by anyone else is unauthorised.
>
> If you are not the intended recipient, any disclosure, copying, distribution
> or any action taken or omitted to be taken in reliance on it, is prohibited
> and may be unlawful. When addressed to our clients any opinions or advice
> contained in this Internet email are subject to the terms and conditions
> expressed in any applicable governing ING's terms of business or
> client engagement letter.
>
> Visit us at www.ing.com
> -----------------------------------------------------------------------------
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Scholarships for Techies!
> Can't afford IT training? All 2003 ictp students receive scholarships.
> Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
> www.ictp.com/training/sourceforge.asp
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>

-Daniel Uriah Clemens
-------------------------------------------------------------------------------------------------------------
Esse quam videra
    		(to be, rather than to appear)
http://www.birmingham-infragard.org   | 2053284200 | 877.806.8928
--------------------------------------------------------------------------------------------------------------





More information about the Snort-sigs mailing list