Snort mailing list archives
Re: Snort on windsXP
From: Peter Bates <peter.bates () ucl ac uk>
Date: Thu, 27 Jun 2013 12:25:21 +0100
Hello all

On 27/06/2013 11:44, MCLEOD, DONNIE wrote:
> Hi Snort-users, does anyone know how to add a rule for detecting shell-code and give an alert when triggered?
You might want to add a bit more detail on your system but there are two sets of rules:

indicator-shellcode.rules (VRT ruleset)
shellcode.rules (ET ruleset)

If you include these and the rest of your system is working you should see some hits.

--
Peter Bates
Senior Information Security Officer
Information Services Division
University College London
London WC1E 6BT
Phone: +44(0)2076792049
Internal Ext: 32049
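An added example, not part of the original message: a small Python check that a snort.conf actually enables the two rule files named in the reply, rather than leaving them commented out or absent. The sample configuration, its paths and the function name `audit_includes` are constructed for illustration.

```python
import re

# Rule files named in the reply above.
WANTED = ("indicator-shellcode.rules", "shellcode.rules")

# Constructed sample snort.conf fragment (paths are assumptions).
SAMPLE_CONF = r"""
var RULE_PATH c:\Snort\rules
include $RULE_PATH/local.rules
include $RULE_PATH/indicator-shellcode.rules
# include $RULE_PATH/shellcode.rules
"""

VAR_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+)")


def audit_includes(conf_text, wanted=WANTED):
    """Return {rule_file: (state, resolved_path)}.

    state is 'active', 'commented' or 'missing'; resolved_path is the
    include path with $VARs expanded, or None when no include was found.
    """
    status = {name: ("missing", None) for name in wanted}
    variables = {}
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        commented, path = m.group(1) == "#", m.group(2)
        # Compare the exact file name so 'shellcode.rules' is not
        # satisfied by 'indicator-shellcode.rules'.
        base = re.split(r"[\\/]", path)[-1]
        if base not in status:
            continue
        resolved = re.sub(r"\$(\w+)",
                          lambda v: variables.get(v.group(1), v.group(0)),
                          path)
        if not commented:
            status[base] = ("active", resolved)
        elif status[base][0] == "missing":
            status[base] = ("commented", resolved)
    return status


if __name__ == "__main__":
    for name, (state, path) in audit_includes(SAMPLE_CONF).items():
        print(f"{name}: {state} ({path})")
```

A file reported as `commented` or `missing` will produce no alerts even when the rest of the sensor is working.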
