Snort mailing list archives
RE: Rules for detecting spyware
From: twig les <twigles () yahoo com>
Date: Thu, 28 Aug 2003 09:59:34 -0700 (PDT)
Spyware sucks [pause for applause]. Two things that I did to stop it were using the free version of Zone Alarm on my M$ boxen and running "Ad-aware". Ad-aware is a signature-based house cleaning tool and ZA prompts you to allow each program to use your network explicitly, which most users will just say yes to but it's better than nothing.

I can't imagine spyware signatures working on the network level unless you wrote one for each application. At that point the vendor could just read the signature in snort database and go around it.

Fortunately as Americans we can trust our government to protect our privacy...BWAHAHAHAHAHA.

--- Gordon Cunningham <gacunningham () bellsouth net> wrote:
Everyone is worried about the rogue blackhat hacker team, when the types of companies and thinking behind spyware use to collect information about your "habits" are probably far more insidious over time.

- Gordon

"When I finally found a spam filter that worked, I no longer received any email."

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Brian
Sent: Thursday, August 28, 2003 11:16 AM
To: Marc Quibell
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Rules for detecting spyware

On Mon, Aug 11, 2003 at 09:54:49AM -0500, Marc Quibell wrote:
> I've done a little checking, so far no luck. I wonder if it's possible to setup some Snort rules for detecting spyware data. I'll keep looking for the actual data content of such packets, but does anyone already have some rules? TIA!

Sure it's possible to detect spyware. Do we do it currently? Nope. But that's cause I don't have packet captures for it. The easiest method for finding packets is to install the spyware in question, then sit back and watch. :)

-brian

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
Emo is what happens when the glee club goes punk.
Current thread:
- Rules for detecting spyware Marc Quibell (Aug 11)
- Re: Rules for detecting spyware Brian (Aug 28)
- RE: Rules for detecting spyware Gordon Cunningham (Aug 28)
- RE: Rules for detecting spyware twig les (Aug 28)
- RE: Rules for detecting spyware Gordon Cunningham (Aug 28)
- <Possible follow-ups>
- RE: Rules for detecting spyware Zach Forsyth (Aug 29)
- RE: Rules for detecting spyware Marc Quibell (Aug 29)
- Re: Rules for detecting spyware Brian (Aug 28)