Snort mailing list archives
Re: Rule efficiency
From: "Isherwood, Jeffrey - IS" <Jeffrey.Isherwood () itt com>
Date: Mon, 26 Jul 2010 17:09:54 -0400
LoL ;) well, while the outside hosts should not make it past the firewalls etc... I'd like to know that they are trying... so I am looking for traffic bi-directionally. I do not have access to the DNS servers... and since many of the domains I'm chasing are dynamic... without access to DNS I'm stuck watching for content... And yes... even if the domains are down, I'm very interested in hosts internally that might be looking for crappydomain.com and its friends

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Monday, July 26, 2010 3:38 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Rule efficiency
a quick question concerning your task... is this concerning sites that you host/hosted so you are looking for inbound traffic to them or are these sites that the corporate entity has placed "out of bounds" and you are looking for outbound traffic to them?
if the sites were hosted and are no longer available, what is the reasoning for looking for traffic headed to them? why not just dump the DNS entries for them and close up the sites... if they're down, what does it matter that something out there is using an old list... hummm... unless maybe they were C&C centers and one is now attempting to find the culprit botherder... hummm...