Snort mailing list archives
Re: Night Dragon Sig/Rule ?
From: Matthew Jonkman <jonkman () emergingthreatspro com>
Date: Fri, 11 Feb 2011 09:40:19 -0500
I think sourceforge is replaying emails from yesterday. This was the first email sent on the subject which set us all off tracking it. There have been several others replayed this morning as well... Matt On Feb 11, 2011, at 9:06 AM, Matt Olney wrote:
Both ET and VRT have published rules on this. Matt On Thu, Feb 10, 2011 at 10:08 AM, Big Irish Dog <big.irish.dog () gmail com> wrote: News services are talking about an attack that McAfee has called "Night Dragon"... http://online.wsj.com/article/SB10001424052748703716904576134661111518864.html http://www.networkworld.com/news/2011/021011-night-dragon-attacks-from-china.html?source=nww_rss Are there already rules/sigs that are looking for this attack that I missed? I'm working on trying to write my own, but I am not the strongest rule writer out there... ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------------------------------------------- Matthew Jonkman Emergingthreats.net Emerging Threats Pro Open Information Security Foundation (OISF) Phone 765-807-8630 Fax 312-264-0205 http://www.emergingthreatspro.com http://www.openinfosecfoundation.org ---------------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Night Dragon Sig/Rule ? Big Irish Dog (Feb 11)
- Re: Night Dragon Sig/Rule ? Matt Olney (Feb 11)
- Re: Night Dragon Sig/Rule ? Matthew Jonkman (Feb 11)
- Re: Night Dragon Sig/Rule ? Joel Esler (Feb 11)
- Re: Night Dragon Sig/Rule ? Matthew Jonkman (Feb 11)
- Re: Night Dragon Sig/Rule ? Matt Olney (Feb 11)