[Snort-users] Webx, GotoMyPc and Loophole

Frank Knobbe frank at ...9761...
Wed Mar 8 17:55:02 EST 2006

On Wed, 2006-03-08 at 18:20 -0600, Ron Jenkins wrote:
> Has anyone written a rule to detect these?

Sure, Have you checked the BleedingSnort rules?

grep -i webex * | sed "s/:.*sid//" |sed "s/;.*//"
bleeding-policy.rules: 2001712
bleeding-policy.rules: 2001713
bleeding-policy.rules: 2001714

grep -i gotomypc * | sed "s/:.*sid//" | sed "s/;.*//"
bleeding-policy.rules: 2000309
bleeding-policy.rules: 2002022

Nothing on loophole. Any info you can provide on that?


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060308/42dd8b53/attachment.sig>

More information about the Snort-users mailing list