[Snort-users] FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0149 attack attempt

Joel Esler (jesler) jesler at ...589...
Wed Jun 1 10:57:47 EDT 2016

Thanks for your email.

TruffleHunter rules are for vulnerabilities that have been discovered by Talos <http://www.talosintel.com/vulnerability-reports/>, disclosed to the vendor, but the vendor has not yet issued a patch.

We may be able to determine if it is a false positive (and thereby help the community as a whole) if you are able to provide a packet capture of the alert.

Joel Esler
Manager, Talos Group

> On May 31, 2016, at 9:58 PM, Claus Regelmann <rgc at ...17118...> wrote:
> Hello,
> My Snort registered TruffleHunter events.
> Does anybody need the PCAPs?
> Claus
