[Snort-users] Dynamic Preprocessor install (PE Hunter) help
tmaletic at ...11827...
Thu Aug 28 12:41:58 EDT 2008
On Thu, Aug 28, 2008 at 12:21 PM, Tommy Cansanay <toortog at ...11827...> wrote:
> I got it to compile,
> run, and I tried testing it on a dedicated network, but haven't had any hits
> either. Curious, do you have the preproc name when it did fire?
When pehunter fires, snort will drop log messages like:
PE file extracted: 69120 bytes dumped to
(Those paying attention will recognize the md5 of notepad.exe. :)
More information about the Snort-users