Snort mailing list archives

Re: Easy way to test snort


From: todb () planb-security net
Date: Wed, 9 Jun 2004 17:53:40 -0500 (CDT)

Marc Daniels wondered:

> Do we know if the Nachi worm author(s) pulled the ping functionality
> directly from the CyberKit tool, or is the matching payload just a
> coincidence?

It's a coincidence -- padding AAAA's is a pretty common programming habit
for a lot of people.

In case you're curious, Microsoft's preferred echo string is the printable
alphabet (a..z), and RedHat's is a pair of hex series (0a, 0b, 0c, 0d, 0e,
0f, then x10,x11,x12..x35).
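
An added example, not part of the original message or of Snort: Python code that validates an ICMP echo request and labels its payload by the padding styles described above. The function names, labels and sample payloads are assumptions constructed for illustration.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo request (type 8) for the samples below."""
    body = struct.pack("!HH", ident, seq) + payload
    csum = icmp_checksum(struct.pack("!BBH", 8, 0, 0) + body)
    return struct.pack("!BBH", 8, 0, csum) + body

def classify_padding(payload: bytes) -> str:
    """Label the padding style; labels are this example's own names."""
    if len(payload) < 8:
        return "too-short"
    steps = list(zip(payload, payload[1:]))
    if len(set(payload)) == 1:
        return "repeated-byte"          # e.g. a run of A's
    if all(0x61 <= b <= 0x7A for b in payload) and all(
            b == a + 1 or b == 0x61 for a, b in steps):
        return "alphabet-cycle"         # a..z, restarting at 'a'
    if all(b == a + 1 for a, b in steps):
        return "incrementing-bytes"     # 0a, 0b, ... 35
    return "other"

def classify_echo(packet: bytes):
    """Return a padding label for a valid echo request, else None."""
    if len(packet) < 8 or packet[0] != 8 or packet[1] != 0:
        return None
    if icmp_checksum(packet) != 0:      # corrupted or truncated capture
        return None
    return classify_padding(packet[8:])

SAMPLES = {  # constructed payloads following the descriptions in the message
    "A-padding": b"A" * 32,
    "alphabet": b"abcdefghijklmnopqrstuvwxyzabcdef",
    "hex-series": bytes(range(0x0A, 0x36)),
}

if __name__ == "__main__":
    for seq, (name, payload) in enumerate(SAMPLES.items(), 1):
        print(name, "->", classify_echo(build_echo_request(0x1234, seq, payload)))
```

A "repeated-byte" label alone does not attribute a ping to any one tool, which is the point the reply makes about A-padding being a common habit.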

