[Snort-users] non-standard ping messages
Jefferson, Shawn
Shawn.Jefferson at ...14448...
Tue Jan 21 17:03:07 EST 2014
With the recent revelations of the Target breach, I was wondering if there is an existing rule that watches for non-standard ping messages crossing the network? That was one of the indicators in this incident and that seems like something useful to look for anyway, so maybe there is already a rule either in VRT or ET the ruleset. Does anyone know of an existing rule?
Thanks!
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140121/18eb1c3e/attachment.html>
More information about the Snort-users
mailing list