Snort mailing list archives
Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset)
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 6 Oct 2013 23:37:37 -0400
On Oct 4, 2013, at 11:37 PM, nicenate () verizon net wrote: In the case of this rule we just have not seen any current discussion for this rule. We are asking here if anyone knows more about why this rule has been placed back into the VRT snort rule set.
Thank you for asking. This wasn't "placed back" into the ruleset, it seems as if we didn't cover this particular piece of the traffic to begin with, so while the references are from 2008, it's still a relevant rule. -- Joel Esler ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) James Lay (Oct 04)
- <Possible follow-ups>
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) nicenate (Oct 04)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) Joel Esler (Oct 06)
- Re: Request assistance regarding VRT sig 1:27962 (MALWARE-CNC Win.Trojan.Storm botnet connection reset) wkitty42 (Oct 05)