Snort mailing list archives
Re: [Emerging-Sigs] [Snort-sigs] Snort rules against traffic from Tor
From: Matt Jonkman <jonkman () jonkmans com>
Date: Thu, 18 Dec 2008 15:37:45 -0500
Frank Knobbe wrote:
> No no, I mean, reviewing the alerts generated by inbound TOR sigs and checking if there are SQL injection or other attacks that the regular didn't alert on
Ahh ya. That's a very good idea. What I've been doing out of curiosity so far is grepping my Apache logs for the IPs that trip Tor exit nodes but nothing else, and so far they're all very obvious bad stuff. Looking for apps that don't exist, pass change forms, RFIs, etc. Will look closer and see where we can tune rules to make sure there are hits where appropriate.

Good idea Frank!

Matt
> -Frank
--
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
PGP: http://www.jonkmans.com/mattjonkman.asc
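The log review described in the message above can be scripted. This is an added example, not code from the thread or from Emerging Threats: it finds source IPs whose only alerts are Tor exit-node hits and pulls their Apache requests for rule-tuning review. The sample alerts (laid out like Snort's fast-alert output), the SIDs, the "TOR " message prefix and the function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data: documentation-range IPs, made-up SIDs and rule messages.
ALERTS = """\
12/18-15:01:02.000001  [**] [1:9000001:1] TOR exit node inbound [**] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
12/18-15:01:02.000009  [**] [1:9000002:1] WEB SQL injection attempt [**] [Priority: 1] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80
12/18-15:03:40.000100  [**] [1:9000001:1] TOR exit node inbound [**] [Priority: 2] {TCP} 192.0.2.77:51900 -> 198.51.100.5:80
12/18-15:09:11.000200  [**] [1:9000001:1] TOR exit node inbound [**] [Priority: 2] {TCP} 203.0.113.4:33000 -> 198.51.100.5:80
"""
ACCESS_LOG = """\
192.0.2.10 - - [18/Dec/2008:15:01:02 -0500] "GET /item.php?id=1%27 HTTP/1.1" 200 512
192.0.2.77 - - [18/Dec/2008:15:03:40 -0500] "GET /phpmyadmin/index.php HTTP/1.1" 404 209
192.0.2.77 - - [18/Dec/2008:15:03:41 -0500] "POST /admin/changepass.php HTTP/1.1" 404 209
203.0.113.4 - - [18/Dec/2008:15:09:11 -0500] "GET /index.html HTTP/1.1" 200 1043
198.51.100.200 - - [18/Dec/2008:15:10:00 -0500] "GET /index.html HTTP/1.1" 200 1043
"""

# Rule message and source IP from one alert line.
ALERT_RE = re.compile(r"\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\].*\} (\d+\.\d+\.\d+\.\d+)(?::\d+)? ->")
# Client IP, method, path and status from an Apache common/combined log line.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def tor_only_sources(alert_text, is_tor=lambda msg: msg.startswith("TOR ")):
    """Source IPs for which every alert seen is a Tor exit-node alert."""
    msgs = defaultdict(set)
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            msgs[m.group(2)].add(m.group(1))
    return {ip for ip, seen in msgs.items() if all(is_tor(s) for s in seen)}

def uncovered_requests(alert_text, access_text):
    """Requests from Tor-only IPs: traffic that no other rule alerted on."""
    ips = tor_only_sources(alert_text)
    hits = defaultdict(list)
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(1) in ips:
            hits[m.group(1)].append((m.group(2), m.group(3), int(m.group(4))))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in sorted(uncovered_requests(ALERTS, ACCESS_LOG).items()):
        for method, path, status in reqs:
            print(ip, method, path, status)
```

Requests listed for an IP that look hostile are candidates for new or tuned signatures; benign ones such as the `/index.html` fetch show the Tor alert alone is not evidence of an attack.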