[Snort-users] [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2

Matt Watchinski mwatchinski at ...1935...
Wed Aug 11 14:15:16 EDT 2010

If you are a Sourcefire customer then support at ...1935... is the
correct place, as it'll tie into your support account.  If you don't
have a support account...

fp at ...1935..., research at ...1935..., or bugs at ...950...

are the best places if you don't want to send them to list.


On Wed, Aug 11, 2010 at 2:09 PM, Eoin Miller
<eoin.miller at ...14586...> wrote:
> On 8/11/2010 5:55 PM, Alex Kirk wrote:
>> A bit more info....  have the pcap if you want/need it.
> <snip>
> A quick aside to all readers of this list: there is no "if" when it comes to
> the question of whether the VRT wants a PCAP when diagnosing a rule issue.
> If you have a PCAP that you can share, we *always* want it - period, end of
> story. Even if we can figure out a fix without the PCAP, it helps us verify
> said fix.
> --
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
> I think it is just mentioned that it is available instead of posting files
> to the list. Should we just forward them to support at ...1935... I am
> assuming? I just also wouldn't want to bother you guys with pcaps if I am
> just writing rules like an idiot (which happens from time to time).
> -- Eoin
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

More information about the Snort-users mailing list