[Snort-users] Night Dragon Sig/Rule ?

Matthew Jonkman jonkman at ...15020...
Fri Feb 11 09:40:19 EST 2011


I think sourceforge is replaying emails from yesterday. This was the first email sent on the subject which set us all off tracking it. 

There have been several others replayed this morning as well...

Matt

On Feb 11, 2011, at 9:06 AM, Matt Olney wrote:

> Both ET and VRT have published rules on this.
> 
> Matt
> 
> On Thu, Feb 10, 2011 at 10:08 AM, Big Irish Dog <big.irish.dog at ...14542....> wrote:
> News services are talking about an attack that McAfee has called "Night Dragon"...
> http://online.wsj.com/article/SB10001424052748703716904576134661111518864.html
> 
> http://www.networkworld.com/news/2011/021011-night-dragon-attacks-from-china.html?source=nww_rss
> 
> 
> 
> 
> Are there already rules/sigs that are looking for this attack that I missed?
> 
> I'm working on trying to write my own, but I am not the strongest rule writer out there...
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110211/6592a860/attachment.html>


More information about the Snort-users mailing list