[Snort-users] non-standard ping messages
Shawn.Jefferson at ...14448...
Tue Jan 21 17:03:07 EST 2014
With the recent revelations of the Target breach, I was wondering if there is an existing rule that watches for non-standard ping messages crossing the network? That was one of the indicators in this incident and that seems like something useful to look for anyway, so maybe there is already a rule either in VRT or ET the ruleset. Does anyone know of an existing rule?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users