[Snort-users] Snort on Windows XP

Peter Bates peter.bates at ...15381...
Thu Jun 27 07:25:21 EDT 2013


Hello all

On 27/06/2013 11:44, MCLEOD, DONNIE wrote:
> Hi Snort-users, does anyone know how to add a rule for detecting shell-code and give an alert when triggered?

You might want to add a bit more detail on your system
but there are two sets of rules:

indicator-shellcode.rules (VRT ruleset)
shellcode.rules (ET ruleset)

If you include these and the rest of your system
is working you should see some hits.

-- 
Peter Bates
Senior Information Security Officer   Phone: +44(0)2076792049
Information Services Division	      Internal Ext: 32049
University College London
London WC1E 6BT




