[Snort-sigs] Assessing your malware exposure with Snort

particle.bored at ...3000...
Mon Feb 21 07:05:05 EST 2005


I have written a few thousand Snort rules that are intended to detect successful
HTTP communication with hosts known to be evil. They look for domain names in
the Host string so they are not subject to evasion by changing IP addresses.

If you would like to give them a try you can grab them from
http://www.kgb.to/malware.html .

Particle Bored
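
Added example, not part of the original post or its rule set: Host-header matching as described above, in Python, showing that the same Host value is flagged at different destination IPs, plus a generator that renders one Snort rule per listed domain. The domains, IP addresses, sids and function names are constructed for illustration.

```python
# Constructed placeholder domains (not taken from the rule set in the post).
BLOCKLIST = {"malware.example", "bad-updates.example.net"}

def extract_host(request: bytes):
    """Return the normalized Host header value of a raw HTTP request, or None."""
    head = request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":  # header names are case-insensitive
            host = value.decode("ascii", "replace").strip().lower()
            if host.startswith("["):                 # IPv6 literal, never a domain name
                return host
            return host.split(":", 1)[0].rstrip(".") # drop port and trailing dot
    return None

def is_listed(host, blocklist=BLOCKLIST):
    """True if host equals a listed domain or is a subdomain of one."""
    if not host:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def check(dst_ip, request):
    """The verdict depends only on the Host header, never on dst_ip."""
    host = extract_host(request)
    return (dst_ip, host, is_listed(host))

def snort_rule(domain, sid):
    """Render one Snort rule matching the domain in the Host header (sid is caller-chosen)."""
    return ('alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
            f'(msg:"HTTP Host header names listed domain {domain}"; '
            f'flow:to_server,established; content:"Host|3A| {domain}"; nocase; '
            f'sid:{sid}; rev:1;)')

# Constructed traffic: same Host at two destination IPs, then a lookalike domain.
SAMPLES = [
    ("192.0.2.10", b"GET /a HTTP/1.1\r\nHost: malware.example\r\n\r\n"),
    ("198.51.100.7", b"GET /a HTTP/1.1\r\nhost: MALWARE.example:80\r\n\r\n"),
    ("203.0.113.5", b"GET / HTTP/1.1\r\nHost: malware.example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for ip, req in SAMPLES:
        print(check(ip, req))
    for sid, domain in enumerate(sorted(BLOCKLIST), start=1000001):
        print(snort_rule(domain, sid))
```

A bare content match is a substring match, so the rendered rule would also fire on a Host of malware.example.org; the Python check compares whole labels and does not.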
