Snort mailing list archives

Re: Rules for detecting spyware


From: Brian <bmc () snort org>
Date: Thu, 28 Aug 2003 11:16:01 -0400

On Mon, Aug 11, 2003 at 09:54:49AM -0500, Marc Quibell wrote:
> I've done a little checking, so far no luck. I wonder if it's possible to set up
> some Snort rules for detecting spyware data. I'll keep looking for the actual
> data content of such packets, but does anyone already have some rules? TIA!

Sure it's possible to detect spyware.  Do we do it currently?  Nope.  But
that's 'cause I don't have packet captures for it.  The easiest method for
finding packets is to install the spyware in question, then sit back
and watch.  :)

-brian

