[Snort-sigs] SNORT rule for Hacker Defender?
smil at ...1754...
Fri Nov 7 01:16:03 EST 2003
On Thu, 6 Nov 2003, Johnson, Scott wrote:
> Does anyone have a rule defined for the Hacker Defender toolkit?
> If so, please foward. Thanks.
As HackerDefender is a windows rootkit, I wonder on what you
intend to trigger? Uploading it to a vulnerable node will
or will not trigger your ids depending on your rules and the
vulnerability being used. As HackerDefender is highly
configurable I don't see how you can write a reasonable
rule for it.
But perhaps someone knows better?
More information about the Snort-sigs