Snort mailing list archives
Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq"
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 29 Feb 2012 17:22:09 -0500
On Feb 29, 2012, at 4:35 PM, Community Signatures wrote:
> On 02/29/12 15:19, Matt Olney wrote:
>> Since you're associating with an exploit kit, rather than an active trojan, and given that exploits are typically aimed at user applications, I'd use classtype:attempted-user;
>
> Understood, on the ET side we tend to use trojan-activity because the point of the exploit kit is to install a trojan/malware. I always viewed attempted-user as privilege escalation. I may just leave classtype off and let VRT apply this and the metadata as they feel fit.

We'll be handling this differently very shortly. Classtype work will be later. Cryptic, I know, but you'll understand when you see the blog post.

J
Current thread:
- Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Community Proposed (Feb 29)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Matt Olney (Feb 29)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Community Signatures (Feb 29)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Joel Esler (Feb 29)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Matt Olney (Mar 01)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Community Signatures (Feb 29)
- Re: Proposed Signature - "COMMUNITY SPECIFIC-THREATS High Probability Blackhole Landing with catch qq" Matt Olney (Feb 29)