[Snort-users] Odd packets... maybe a new Trojan?

Martin Roesch roesch at ...421...
Thu Oct 26 00:02:14 EDT 2000


There was actually an incident reported to GIAC today (10/25) from Mike Worman
that matches this probe....

    -Marty

Brian Caswell wrote:
> 
> Daniel Harrison wrote:
> 
> > You could have taken that packet off my snort logs on my home machine. The exact
> > same except for the home address and they did mine on 10/22. Someone has been
> > busy and now I don't feel left out! =)
> 
> GIAC (http://www.sans.org/giac.htm) is probably the best place that I have seen
> when it comes to handling incidents.  I checked (9:33PM EST) and didn't see
> anything mentioning these portscans.
> 
> Those that get scanned for "new things" or have got an increase in specific scans
> should forward them on to GIAC.  There is a staff member that goes over everything
> that has been submitted and makes judgement calls based on the stuff seen there,
> and advisories sometimes are issued.  Guess where the information for the SANS
> Top10 vulnerabilities comes from?
> 
> --
> Brian Caswell
> The MITRE Corporation
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org


