[Snort-users] [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2

Eoin Miller eoin.miller at ...14586...
Wed Aug 11 14:09:43 EDT 2010


  On 8/11/2010 5:55 PM, Alex Kirk wrote:
>
>     A bit more info....  have the pcap if you want/need it.
>
> <snip>
>
> A quick aside to all readers of this list: there is no "if" when it 
> comes to the question of whether the VRT wants a PCAP when diagnosing 
> a rule issue. If you have a PCAP that you can share, we *always* want 
> it - period, end of story. Even if we can figure out a fix without the 
> PCAP, it helps us verify said fix.
>
>
> -- 
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935... <mailto:alex.kirk at ...1935...>

I think it is just mentioned that it is available instead of posting 
files to the list. Should we just forward them to support at ...1935... 
I am assuming? I just also wouldn't want to bother you guys with pcaps 
if I am just writing rules like an idiot (which happens from time to time).

-- Eoin