[Snort-users] non-standard ping messages

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Jan 21 17:03:07 EST 2014


With the recent revelations of the Target breach, I was wondering if there is an existing rule that watches for non-standard ping messages crossing the network?  That was one of the indicators in this incident and that seems like something useful to look for anyway, so maybe there is already a rule in either the VRT or the ET ruleset.  Does anyone know of an existing rule?

Thanks!
Shawn