Snort mailing list archives

Re: Snort-sigs Digest, Vol 113, Issue 19


From: Alex McDonnell <amcdonnell () sourcefire com>
Date: Tue, 27 Oct 2015 15:51:03 -0400

If you have a pcap, Austin, I'd love to take a look.

Thanks,
Alex McDonnell
TALOS



Message: 3
Date: Tue, 27 Oct 2015 19:07:57 +0000
From: "Hummert, Austin" <Austin.Hummert () adm com>
Subject: [Snort-sigs] question
To: "snort-sigs () lists sourceforge net"
        <snort-sigs () lists sourceforge net>
Message-ID:
        <17339606afd3401fbe7b718adef5cc3c () LDCEX13MB5 na admworld com>
Content-Type: text/plain; charset="us-ascii"

Hello all,

I have a question on a rule that's been firing in my environment.

OS-WINDOWS TRUFFLEHUNTER TALOS-2015-0005 attack attempt (3:36222)

I understand the concept of trufflehunter rules, but I'm wondering how
other people are handling these. The packets triggering this rule appear to
be legitimate outbound traffic, and the destination does not appear to be
blacklisted in any way. The problem is I don't know exactly what the rule
is looking for, so it makes it difficult to verify the traffic itself.

Any thoughts on trufflehunter?

Thanks,

Austin




_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

End of Snort-sigs Digest, Vol 113, Issue 19
*******************************************
