Snort mailing list archives

Re: Webx, GotoMyPc and Loophole

From: Frank Knobbe <frank () knobbe us>
Date: Wed, 08 Mar 2006 19:54:42 -0600

On Wed, 2006-03-08 at 18:20 -0600, Ron Jenkins wrote:

Has anyone written a rule to detect these?


Sure, Have you checked the BleedingSnort rules?

grep -i webex * | sed "s/:.*sid//" |sed "s/;.*//"
bleeding-policy.rules: 2001712
bleeding-policy.rules: 2001713
bleeding-policy.rules: 2001714

grep -i gotomypc * | sed "s/:.*sid//" | sed "s/;.*//"
bleeding-policy.rules: 2000309
bleeding-policy.rules: 2002022
policy.rules:1429

Nothing on loophole. Any info you can provide on that?

Regards,
Frank



-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Webx, GotoMyPc and Loophole Ron Jenkins (Mar 08)
- Re: Webx, GotoMyPc and Loophole Frank Knobbe (Mar 08)
- <Possible follow-ups>
- RE: Webx, GotoMyPc and Loophole Ron Jenkins (Mar 08)