Snort mailing list archives
Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 11 Aug 2010 14:15:16 -0400
If you are a Sourcefire customer then support () sourcefire com is the correct place, as it'll tie into your support account. If you don't have a support account... fp () sourcefire com, research () sourcefire com, or bugs () snort org are the best places if you don't want to send them to list. Cheers, -matt On Wed, Aug 11, 2010 at 2:09 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
On 8/11/2010 5:55 PM, Alex Kirk wrote:A bit more info.... have the pcap if you want/need it.<snip> A quick aside to all readers of this list: there is no "if" when it comes to the question of whether the VRT wants a PCAP when diagnosing a rule issue. If you have a PCAP that you can share, we *always* want it - period, end of story. Even if we can figure out a fix without the PCAP, it helps us verify said fix. -- Alex Kirk AEGIS Program Lead Sourcefire Vulnerability Research Team +1-410-423-1937 alex.kirk () sourcefire com I think it is just mentioned that it is available instead of posting files to the list. Should we just forward them to support () sourcefire com I am assuming? I just also wouldn't want to bother you guys with pcaps if I am just writing rules like an idiot (which happens from time to time). -- Eoin ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Matthew Watchinski Sr. Director Vulnerability Research Team (VRT) Sourcefire, Inc. Office: 410-423-1928 http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2, (continued)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 10)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 10)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Matt Watchinski (Aug 11)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 11)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Will Metcalf (Aug 11)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Alex Kirk (Aug 11)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Eoin Miller (Aug 11)
- Re: [Emerging-Sigs] Signatures for Clients POSTing to SEO/NEOsploit Exploit Kits - Round 2 Matt Watchinski (Aug 11)