Snort mailing list archives
Re: no documentation about some rules
From: Jamie Riden <jamie.riden () gmail com>
Date: Thu, 28 Aug 2014 16:21:16 +0100
malware-cnc means that IP address has been observed acting as a Command and Control server for some malware in the past, which in turn means you might want to check if any of those boxes which are trying to talk to it are compromised.

Not so sure about blacklists - it depends on which list they were found in.

cheers,
Jamie

On 28 August 2014 15:40, Maurizio Di Pietro (Esterna) <m.dipietro () resi it> wrote:
I have one instance of Snort that raises some events. I didn't find the documentation about them online and in opensource.tar.gz. All events belong to two categories, malware-cnc.rules and blacklist.rules.

For example 27247, 28539, 28805, 29262, 24034, 30833, 23493, 30825, 30842, 30840, 30836, 30827, 30835, 31136, 30260, etc…

Why isn't there any documentation about them? How can I find information about these events?

I'm a registered user and use rules 2962.

Thanks

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
--
Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
http://uk.linkedin.com/in/jamieriden
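An added example, not part of the thread and not code from the Snort project: when a SID has no documentation entry, the rule text in the installed .rules files still carries `msg`, `classtype` and `reference` options that say what the alert is about. The script below indexes rule text by SID; the rule contents, SIDs and URLs in it are constructed placeholders, and the function names are illustrative.

```python
import re

# Constructed sample rule files: SIDs, messages and URLs are placeholders, not real rules.
SAMPLE_RULES = {
    "malware-cnc.rules": r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Example.Family outbound check-in"; flow:to_server,established; content:"/gate.php"; reference:url,example.invalid/analysis/1; reference:url,example.invalid/analysis/2; classtype:trojan-activity; sid:1000001; rev:2;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"MALWARE-CNC Example.Other beacon"; classtype:trojan-activity; sid:1000002; rev:1;)
''',
    "blacklist.rules": r'''
alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST DNS request for constructed domain bad.example.invalid"; content:"|03|bad"; classtype:trojan-activity; sid:1000003; rev:1;)
''',
}

# Optional leading '#' marks a rule that ships commented out (disabled).
RULE_RE = re.compile(r'^(#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+[^(]*\((.*)\)\s*$')

def parse_options(body):
    """Split a rule's option body on ';', keeping quoted or escaped ';' intact."""
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            key, _, val = "".join(buf).strip().partition(":")
            if key:
                opts.append((key.strip(), val.strip().strip('"')))
            buf = []
            continue
        buf.append(ch)
    return opts

def index_rules(files):
    """Map sid -> source file, enabled flag, msg, classtype and references."""
    index = {}
    for fname, text in files.items():
        for line in text.splitlines():
            m = RULE_RE.match(line.strip())
            opts = parse_options(m.group(2)) if m else []
            d = dict(opts)
            if d.get("sid", "").isdigit():
                index[int(d["sid"])] = {
                    "file": fname, "enabled": m.group(1) is None,
                    "msg": d.get("msg", ""), "classtype": d.get("classtype", ""),
                    "references": [v for k, v in opts if k == "reference"]}
    return index
```

Pointing `index_rules` at the real contents of malware-cnc.rules and blacklist.rules and looking up the alerting SIDs gives the message and any references for each one; a SID absent from the index is not in the loaded files.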