Snort mailing list archives
Proposed update to 1:28039
From: "Rodgers, Anthony (DTMB)" <RodgersA1 () michigan gov>
Date: Fri, 19 Dec 2014 19:37:25 +0000
Since Upworthy purchased u.pw (http://www.thedomains.com/2013/06/03/upworthy-com-buys-u-pw-as-url-shortener/), should we update INDICATOR-COMPROMISE Suspicious .pw dns query (1:28039) to add the following: content:!"|01 75 02 70 77 00|"; offset:12; depth:6; Cheers, Anthony Rodgers Security Analyst Michigan Security Operations Center (MiSOC) ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 19)
- Re: Proposed update to 1:28039 Jeremy Hoel (Dec 19)
- Re: Proposed update to 1:28039 Joel Esler (jesler) (Dec 22)
- Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 22)
- Re: Proposed update to 1:28039 Rodgers, Anthony (DTMB) (Dec 22)
- Re: Proposed update to 1:28039 Joel Esler (jesler) (Dec 22)
- Re: Proposed update to 1:28039 Jeremy Hoel (Dec 19)