Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-sigs] anyone have a good Swen sig

From: Brian A Kee <bkee () lurhq com>
Date: Mon, 3 Nov 2003 16:22:13 -0600
This was poseted a few posts before yours:

alert tcp $EXTERNAL_NET any -> any any (msg:"W32.Swen@mm - 
SMB";content:"|59 59 85 C0 74 09 6A 01 58 83 4D FC FF EB 15 FF 85 E0 
FE FF FF EB C7 6A 01 58 C3 8B 65 E8 83 4D|"; classtype:misc-
activity;rev:1;)

alert tcp $EXTERNAL_NET any -> any any (msg:"W32.Swen@mm - 
MIME";content:"QABohKNAAGShAAAAAFBkiSUAAAAAgewUAQAAU1ZXiWXoM/+JffyJvdz
+//+LdQhW6NORAABZhcB0"; classtype:misc-activity;rev:1;)

For more info, check the archives.

BAK


On Friday 31 October 2003 12:05 pm, Philip Davidson wrote:

Hey all,

Do any of you have a good working SWEN signature?
I can't seem to get any of mine to work.

All signatures welcomed.




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: