Snort mailing list archives
Re: Rules for detecting spyware
From: Brian <bmc () snort org>
Date: Thu, 28 Aug 2003 11:16:01 -0400
On Mon, Aug 11, 2003 at 09:54:49AM -0500, Marc Quibell wrote:
I've done a little checking, so far no luck. I wonder if it's possible to setup some Snort rules for detecting spyware data. I'll keep looking for the actual data content of such packets, but does anyone already have some rules? TIA!
Sure its possible to detect spyware. Do we do it currently? Nope. But thats cause I don't have packet captures for it. The easiest method for finding packets is to install the spyware in question, then sit back and watch. :) -brian ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rules for detecting spyware Marc Quibell (Aug 11)
- Re: Rules for detecting spyware Brian (Aug 28)
- RE: Rules for detecting spyware Gordon Cunningham (Aug 28)
- RE: Rules for detecting spyware twig les (Aug 28)
- RE: Rules for detecting spyware Gordon Cunningham (Aug 28)
- <Possible follow-ups>
- RE: Rules for detecting spyware Zach Forsyth (Aug 29)
- RE: Rules for detecting spyware Marc Quibell (Aug 29)
- Re: Rules for detecting spyware Brian (Aug 28)