Snort mailing list archives
Re: RST.B / EGP
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 8 Jan 2002 09:54:51 -0700 (MST)
It looks like I was incorrect about RST.b using EGP. Qualys has done some research on it, and it looks like it responds to UDP packets after all. My confusion is because it specifically allocates an EGP socket, but then goes into promiscuous mode, so I guess that doesn't matter. However, there are some particular packet characteristics one could look for.

Keep an eye out for some more information about RST.b over the next couple of days.

Ryan

On Tue, 8 Jan 2002, Ian Cudlip wrote:

> Hello All,
>
> Has anyone looked into RST.b trojan.. I was considering tracking EGP (proto 8) to identify infected machines, also, does anyone have any signatures?
>
> Ian.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users