[Snort-users] re. scan reporter script

Andrew Daviel andrew at ...523...
Mon May 7 20:42:08 EDT 2001


If anyone actually tried my reporter script
  http://andrew.triumf.ca/pub/security/reporter/
I've made a few small changes (& bugs no doubt).

One relates to the algorithm for choosing a domain to build
an abuse address for - instead of trying to work it out from the TLD
I now start at the TLD+1 and try to find an MX record. This after failing
on xxx.or.kr and xxx.yy.zz.us. Hopefully there are no MX records for
ac.uk, co.jp etc.

I also managed to send mail to IANA (oops) from not filtering LINKLOCAL

-- 
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376
security at ...524...





More information about the Snort-users mailing list