[Snort-sigs] 21042 Blacklist

Joel Esler jesler at ...435...
Thu Feb 23 19:22:12 EST 2012


Leroy,

As JJ points out, the rule below is one of the references in the rule itself.  That rule was written off of a live exploit for blackhole.  Are you seeing hits on that at your location?

J

On Feb 23, 2012, at 5:21 PM, JJC <cummingsj at ...2420...> wrote:

> http://contagiodump.blogspot.com/2012/01/blackhole-ramnit-samples-and-analysis.html
> 
> On Thu, Feb 23, 2012 at 3:05 PM, Ranel, LeRoy (Norcross) <LeRoy.Ranel at ...253...3658...> wrote:
> Can someone provide some insight or direct me to a location for more information regarding the behavior of this expoloit?
> 
>  
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20120223/0bee0ebb/attachment.html>


More information about the Snort-sigs mailing list