[Snort-sigs] SNORT rule for Hacker Defender?

Chris Kronberg smil at ...1754...
Fri Nov 7 01:16:03 EST 2003

On Thu, 6 Nov 2003, Johnson, Scott wrote:

> Does anyone have a rule defined for the Hacker Defender toolkit?
> If so, please foward. Thanks.

  As HackerDefender is a windows rootkit, I wonder on what you
  intend to trigger? Uploading it to a vulnerable node will
  or will not trigger your ids depending on your rules and the
  vulnerability being used. As HackerDefender is highly
  configurable I don't see how you can write a reasonable
  rule for it.
  But perhaps someone knows better?

  Have fun,


More information about the Snort-sigs mailing list