Snort mailing list archives
Re: Easy way to test snort
From: todb () planb-security net
Date: Wed, 9 Jun 2004 17:53:40 -0500 (CDT)
Marc Daniels wondered:
Do we know if the Nachi worm author(s) pulled the ping functionality directly from the CyberKit tool, or is the matching payload just a coincidence?
It's a coincidence -- padding AAAA's is a pretty common programming habit for a lot of people. In case you're curious, Microsoft's preferred echo string is the printable alphabet (a..z), and RedHat's is a pair of hex series (0a, 0b, 0c, 0d, 0e, 0f, then x10,x11,x12..x35). ------------------------------------------------------- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Easy way to test snort Marc Daniels (Jun 09)
- Re: Easy way to test snort todb (Jun 09)