[Snort-users] Night Dragon Sig/Rule ?

Matt Olney molney at ...1935...
Fri Feb 11 09:06:43 EST 2011


Both ET and VRT have published rules on this.

Matt

On Thu, Feb 10, 2011 at 10:08 AM, Big Irish Dog <big.irish.dog at ...11827...>wrote:

> News services are talking about an attack that McAfee has called "Night
> Dragon"...
>
> http://online.wsj.com/article/SB100014240527487037169045761346611115
> 18864.html
>
>
> http://www.networkworld.com/news/2011/021011-night-dragon-attacks-from-china.html?source=nww_rss
>
>
> Are there already rules/sigs that are looking for this attack that I
> missed?
>
> I'm working on trying to write my own, but I am not the strongest rule
> writer out there...
>
>
>
>
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110211/4e80bdb0/attachment.html>


More information about the Snort-users mailing list