[Snort-sigs] Re: RIAA "hack-back" sig anyone?

Sam Evans sam at ...219...
Tue Jan 14 14:52:02 EST 2003


I wonder if they are sending it back to an address within the RIAA's block.. 
That might be something to start with. 

dreamwvr at ...1181... writes: 

> On Tue, Jan 14, 2003 at 10:51:00AM -0800, Florin Andrei wrote:
>> http://212.100.234.54/content/6/28842.html 
>> 
>> <quote>
>> The RIAA is preparing to infect MP3 files in order to audit and
>> eventually disable file swapping.
>> Gobbles claims that when a peer to peer host is infected, it catalogs
>> media and sends the information "back to the RIAA headquarters (through
>> specifically crafter requests over the p2p networks) where it is added
>> to their records", and also propagates the exploit to other nodes.
>> </quote>
> nope it might be a good idea to use kazaa as a litmus test for this
> pattern. Just my 2 cents. 
> 
> Best Regards,
> dreamwvr at ...1181...
>  
> -- 
> /*  Security is a work in progress - dreamwvr                 */
> #                                                             
> # Note: To begin Journey type man afterboot,man help,man hier[.]      
> #                                                             
> // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \?  ;-] 
> 
> 
> -------------------------------------------------------
> This SF.NET email is sponsored by: Take your first step towards giving 
> your online business a competitive advantage. Test-drive a Thawte SSL 
> certificate - our easy online guide will show you how. Click here to get 
> started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
 




More information about the Snort-sigs mailing list