[Snort-users] Odd packets... maybe a new Trojan?

Brian Caswell bmc at ...312...
Wed Oct 25 18:02:57 EDT 2000

Daniel Harrison wrote:

> You could have taken that packet off my snort logs on my home machine. The exact
> same except for the home address and they did mine on 10/22. Someone has been
> busy and now I don't feel left out! =)

GIAC (http://www.sans.org/giac.htm) is probably the best place that I have seen
when it comes to handling incidents. I checked (9:33PM EST) and didn't see
anything mentioning these portscans.

Those that get scanned for "new things" or have got an increase in specific scans
forward them on to GIAC. There is a staff member that goes over everything that
has been submitted and makes judgement calls based on the stuff seen there, and
sometimes are issued. Guess where the information for the SANS Top10
comes from?

Brian Caswell
The MITRE Corporation
