[Snort-sigs] no documentation about some rules

Jamie Riden jamie.riden at ...2420...
Thu Aug 28 11:21:16 EDT 2014


malware-cnc means that IP address has been observed acting as a
Command and Control server for some malware in the past, which in turn
means you might want to check if any of those boxes which are trying
to talk to it are compromised.

Not so sure about blacklists - it depends on which list they were found in.

cheers,
 Jamie

On 28 August 2014 15:40, Maurizio Di Pietro (Esterna)
<m.dipietro at ...3944...> wrote:
> I have one instance of snort that raises some events. I didn't find the
> documentation about them online and in opensource.tar.gz.
>
> All events belong to two categories, malware-cnc.rules and blacklist.rules
>
> For example
>
> 27247, 28539, 28805, 29262, 24034, 30833, 23493, 30825, 30842, 30840, 30836,
> 30827, 30835, 31136, 30260, etc…
>
> Why isn't there documentation about them?
>
> How can I find information about these events?
>
> I'm a registered user and use rules 2962.
>
> Thanks



-- 
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
http://uk.linkedin.com/in/jamieriden
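
One way to act on the advice in the reply, as an added example that is not part of the original thread: read Snort `alert_fast` output, keep only the SIDs quoted in the question, and list which internal hosts were talking to which remote peers. The `HOME_NETS` range, the sample alert lines and their message text are constructed assumptions; only IPv4 addresses are handled.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

HOME_NETS = ["10.0.0.0/8"]  # assumption: the monitored internal range
# SIDs quoted in the original question
WATCHED_SIDS = {27247, 28539, 28805, 29262, 24034, 30833, 23493, 30825,
                30842, 30840, 30836, 30827, 30835, 31136, 30260}

# Constructed alert_fast lines (private and documentation addresses only)
SAMPLE_ALERTS = """\
08/28-11:02:13.114502  [**] [1:27247:2] constructed sample message [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.4.23:49211 -> 203.0.113.50:80
08/28-11:02:49.630117  [**] [1:27247:2] constructed sample message [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.4.23:49215 -> 203.0.113.50:80
08/28-11:09:44.982210  [**] [1:30833:1] constructed sample message [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.9.40:50122 -> 198.51.100.7:443
08/28-11:09:45.013377  [**] [1:24034:3] constructed sample message [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 198.51.100.7:443 -> 10.1.9.40:50122
08/28-11:10:02.415009  [**] [1:1000001:1] constructed local rule [**] [Priority: 3] {ICMP} 198.51.100.9 -> 10.1.4.23
"""

# [gid:sid:rev] msg ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def hosts_to_check(alert_text, sids, home_nets):
    """Map each internal host to the set of (sid, remote peer) pairs it hit."""
    nets = [ip_network(n) for n in home_nets]
    def is_internal(ip):
        return any(ip_address(ip) in n for n in nets)
    result = defaultdict(set)
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["sid"]) not in sids:
            continue  # unparsable line or a SID we are not triaging
        src, dst = m["src"], m["dst"]
        # A rule can fire on the reply, so the internal box may be the destination.
        local, remote = (src, dst) if is_internal(src) else (dst, src)
        if is_internal(local):
            result[local].add((int(m["sid"]), remote))
    return dict(result)

if __name__ == "__main__":
    for host, hits in sorted(hosts_to_check(SAMPLE_ALERTS, WATCHED_SIDS, HOME_NETS).items()):
        print(host, sorted(hits))
```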