[Snort-users] Webx, GotoMyPc and Loophole

Ron Jenkins rjenkins at ...12829...
Wed Mar 8 18:44:02 EST 2006


Thanks...

-----Original Message-----
From: Frank Knobbe [mailto:frank at ...9761...] 
Sent: Wednesday, March 08, 2006 7:55 PM
To: Ron Jenkins
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Webx, GotoMyPc and Loophole

On Wed, 2006-03-08 at 18:20 -0600, Ron Jenkins wrote:
> Has anyone written a rule to detect these?

Sure, Have you checked the BleedingSnort rules?

grep -i webex * | sed "s/:.*sid//" |sed "s/;.*//"
bleeding-policy.rules: 2001712
bleeding-policy.rules: 2001713
bleeding-policy.rules: 2001714

grep -i gotomypc * | sed "s/:.*sid//" | sed "s/;.*//"
bleeding-policy.rules: 2000309
bleeding-policy.rules: 2002022
policy.rules:1429

Nothing on loophole. Any info you can provide on that?

Regards,
Frank



-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.





More information about the Snort-users mailing list