[Snort-users] [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2

Matt Watchinski mwatchinski at ...1935...
Wed Aug 11 14:15:16 EDT 2010


If you are a Sourcefire customer then support at ...1935... is the
correct place, as it'll tie into your support account.  If you don't
have a support account...

fp at ...1935..., research at ...1935..., or bugs at ...950...

are the best places if you don't want to send them to list.

Cheers,
-matt

On Wed, Aug 11, 2010 at 2:09 PM, Eoin Miller
<eoin.miller at ...14586...> wrote:
> On 8/11/2010 5:55 PM, Alex Kirk wrote:
>>
>> A bit more info....  have the pcap if you want/need it.
>>
> <snip>
> A quick aside to all readers of this list: there is no "if" when it comes to
> the question of whether the VRT wants a PCAP when diagnosing a rule issue.
> If you have a PCAP that you can share, we *always* want it - period, end of
> story. Even if we can figure out a fix without the PCAP, it helps us verify
> said fix.
>
> --
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
>
> I think it is just mentioned that it is available instead of posting files
> to the list. Should we just forward them to support at ...1935... I am
> assuming? I just also wouldn't want to bother you guys with pcaps if I am
> just writing rules like an idiot (which happens from time to time).
>
> -- Eoin
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
>
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list