[Snort-users] [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2
eoin.miller at ...14586...
Wed Aug 11 14:09:43 EDT 2010
On 8/11/2010 5:55 PM, Alex Kirk wrote:
> A bit more info.... have the pcap if you want/need it.
> A quick aside to all readers of this list: there is no "if" when it
> comes to the question of whether the VRT wants a PCAP when diagnosing
> a rule issue. If you have a PCAP that you can share, we *always* want
> it - period, end of story. Even if we can figure out a fix without the
> PCAP, it helps us verify said fix.
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> alex.kirk at ...1935... <mailto:alex.kirk at ...1935...>
I think it is just mentioned that it is available instead of posting
files to the list. Should we just forward them to support at ...1935...
I am assuming? I just also wouldn't want to bother you guys with pcaps
if I am just writing rules like an idiot (which happens from time to time).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users